
> It's really clear why people would want a non-hybrid code point.

To me it really isn't. TLS has no need for it. But let's focus the context on some US government organisations that want this for the FIPS maturity level they're aiming for. Why would these organisations want a weaker algorithm for TLS than what is standardised? More importantly, how does it benefit deployment except to save a tiny bit of computation and eliminate some ECC code? I'm not going to jump the shark and say it is nefarious, but I will throw in my 2 cents and say it doesn't help security and is unnecessary.
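The trade-off in the comment above (hybrid group vs. a single non-hybrid PQ or classical group) can be made concrete with a small client-side policy check. The following is an added illustration, not code from any commenter or from any TLS library. It assumes the named-group code points registered by the IETF TLS drafts for the hybrid and ML-KEM-only groups (verify against the IANA TLS Supported Groups registry before relying on them), and it uses a deliberately simplified HMAC-based combiner as a stand-in for the real hybrid shared-secret derivation, to show why a hybrid key depends on both components.

```python
"""Hybrid-vs-non-hybrid key-exchange policy check for a TLS 1.3 client.

Added illustration; not code from any participant in the thread.
Group code points follow the IETF TLS drafts as understood by the
author of this example (assumption: check the IANA registry).
"""
import hashlib
import hmac

# Assumed code points (see lead-in). Names are the draft names.
HYBRID_GROUPS = {
    0x11EC: "X25519MLKEM768",
    0x11EB: "SecP256r1MLKEM768",
    0x11ED: "SecP384r1MLKEM1024",
}
PQ_ONLY_GROUPS = {0x0200: "MLKEM512", 0x0201: "MLKEM768", 0x0202: "MLKEM1024"}
CLASSICAL_GROUPS = {0x001D: "x25519", 0x0017: "secp256r1", 0x0018: "secp384r1"}


def classify_group(group_id):
    """Map a named-group code point to 'hybrid', 'pq-only', 'classical' or 'unknown'."""
    if group_id in HYBRID_GROUPS:
        return "hybrid"
    if group_id in PQ_ONLY_GROUPS:
        return "pq-only"
    if group_id in CLASSICAL_GROUPS:
        return "classical"
    return "unknown"


def group_name(group_id):
    """Human-readable name for logging; falls back to the hex code point."""
    return (HYBRID_GROUPS | PQ_ONLY_GROUPS | CLASSICAL_GROUPS).get(group_id, hex(group_id))


def check_negotiation(offered, selected, require_hybrid=True):
    """Evaluate the server's choice of key-exchange group against client policy.

    offered  -- code points the client listed in supported_groups / key_share
    selected -- code point the server chose in its key_share
    Returns a dict with 'ok', 'kind', 'name' and a 'reason' for the verdict,
    suitable for logging or alerting on unexpected downgrades.
    """
    kind = classify_group(selected)
    name = group_name(selected)
    if selected not in offered:
        # A well-behaved server may only pick from what the client offered.
        return {"ok": False, "kind": kind, "name": name,
                "reason": "server selected a group the client never offered"}
    if require_hybrid and kind != "hybrid":
        # Ending up on pq-only or classical means the connection rests on a
        # single hardness assumption instead of two.
        return {"ok": False, "kind": kind, "name": name,
                "reason": f"{kind} group {name} negotiated; policy requires hybrid"}
    return {"ok": True, "kind": kind, "name": name, "reason": "policy satisfied"}


def combine_shared_secrets(pq_ss, ecdh_ss, salt=b""):
    """Simplified HKDF-Extract-style combiner for a hybrid group (assumption).

    The two shared secrets are concatenated and fed through HMAC-SHA256, so
    the output is unpredictable to anyone lacking either half: breaking the
    PQ KEM alone, or ECDH alone, does not recover the key.
    """
    if not pq_ss or not ecdh_ss:
        raise ValueError("both components must be present for a hybrid secret")
    return hmac.new(salt, pq_ss + ecdh_ss, hashlib.sha256).digest()


if __name__ == "__main__":
    client_offer = [0x11EC, 0x001D]  # prefers hybrid, falls back to x25519
    print(check_negotiation(client_offer, 0x11EC))
    print(check_negotiation(client_offer, 0x001D))
    # Constructed sample secrets (not real KEM / ECDH outputs).
    pq_secret = bytes(32)
    ecdh_secret = b"\x01" * 32
    print(combine_shared_secrets(pq_secret, ecdh_secret).hex())
```

The check is the kind of thing a client or a TLS-terminating proxy can log: if hybrid was offered and something else was negotiated, that is worth an alert even when the server is merely misconfigured rather than malicious. The combiner shows the property the commenter is relying on: a hybrid shared secret changes if either component changes, so the weaker of the two algorithms does not bound the security of the result.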



And this gets back to the Dual-EC argument, right? Dual-EC was standardized as this weird government thing that maybe you technically need for FIPS, but obviously if you're seriously designing a cryptosystem you wouldn't choose it. And that seems to be GP's position on non-hybrid PQ as well -- just that the reason for not choosing it is "it introduces risk for very little benefit" instead of "it is obviously a bumbling attempt at introducing a backdoor".


> Dual-EC was standardized as this weird government thing that maybe you technically need for FIPS, but obviously if you're seriously designing a cryptosystem you wouldn't choose it.

Unless NSA pays you $10 million, as they did to RSA, to make said obviously bumbling attempt the default in their security products.

https://en.wikipedia.org/wiki/Dual_EC_DRBG#Timeline_of_Dual_...

https://www.reuters.com/article/us-usa-security-rsa-idUSBRE9...

Or unless the presence of such less secure options in compliant implementations enables a downgrade attack: https://en.wikipedia.org/wiki/Downgrade_attack


Yeah. Like, the argument here is that the reason government agencies push stuff into standards is because they do in fact want people to use it. "Well government purchasing is just Like That, surely no one will actually use this option in the real world" is an even weaker counter-argument if the option is not obviously backdoored.




