As someone who works on embedded devices, yes. The whole system can have 256KB of flash or less. 1 or 2KB for keys hurts, but is manageable. 65KB means that much of the IoT will not be upgraded to post-quantum security.
IoT devices should be behind private networks rather than being directly accessible to the internet anyway. Said devices can use a "weaker" algorithm like NTRU.
> IoT devices should be behind private networks rather than being directly accessible to the internet anyway.
Hogwash. You just reduced my reliability by a dramatic amount. Not only does my IoT device have to be functional, but it now has to have a gateway that is functional at the same time in order to be useful. Uh, yeah, no.
And, besides, a private network is only private until one of the devices gets compromised. Then it's not private anymore.
Better to make your device capable of living on the real, hostile Internet.
> Not only does my IoT device have to be functional, but it now has to have a gateway that is functional at the same time in order to be useful
Consider it differently. Your IoT stove, IoT coffee maker, IoT washing machine, IoT lights, etc do not need to be secure if they are behind a secure gateway.
> And, besides, a private network is only private until one of the devices gets compromised. Then it's not private anymore.
The gateway makes sure that nobody but you will be able to access (and thus compromise) your IoT freezer.
> Better to make your device capable of living on the real, hostile Internet.
Sure, but considering the amount of IoT botnet that is out there I do not think that this is going to happen.
So why not use the other alternatives or IoT or have a separate standard for them? One size fits all is good but not if it means making costly sacrifices in my opinion
