Comment by api

3 years ago

The problem with formal centralized standards is that they tend to become ceilings rather than floors for quality, and it's hard to write them otherwise. They do however serve a function in keeping total snake oil crypto out of government and industry. Having some rubber stamp from people who at least know something keeps people with no knowledge of cryptography from buying the latest absolutely uncrackable post-quantum military grade AES-4096 cryptography product.

I'm also not sold on the idea that informal popularity contests or academic processes (which are often themselves opaque) are always superior to formalized cryptography standards. It's absolutely possible for modern intelligence agencies to infiltrate, steer, and subvert decentralized communities and private sector institutions. We see it all the time.

IMHO Internet culture is unbelievably naive about this. Everyone of course believes that they are hip and smart enough to spot astroturf and could never be conned. Everyone thinks only other people who are obviously less savvy and smart than them could be conned. "Wake up sheeple!" is never spoken to the mirror.

For all we know the NIST curves and AES are stronger than the other stuff and there's an astroturf effort to get non-government entities not to use them! Get the hipsters using vulnerable stuff while NIST/NSA keep recommending the good stuff for classified government use. How do we know DJB doesn't work for the NSA? (I do not believe any of this!)

This way is madness. So I stick with the rule of "solid evidence or go home" when it comes to allegations and with general consensus of people who seem to know more than myself when it comes to algorithms and constructions.

>We see it all the time.

Really? I'd like to hear about that.

And is astroturfing the most likely attack vector? That might work on big social media where it's easy to feel like you've got a finger on the pulse of public opinion by scrolling down a long list of anonymous content, but it presumably wouldn't work in crypto (or crypto adjacent) communities which are much smaller and where individual reputations are quite important.

  • It's endless in areas like nutritional science, public policy, energy policy, environmental issues, etc.

    Here's a random five second search result:

    https://www.science.org/doi/10.1126/science.aat3763

    These are examples of academic communities being influenced by corporate or state interests.

    It's much easier with informal online communities subject to herd effects.