Is it absolutely necessary to help NIST here? Can't the IETF come up with its own standards and leave it at that? The U.S. government is free to adopt the same standards later on (just like all the other governments) or create its own broken ones, I don't really care about that. The NSA isn't going to use whatever NIST ends up adopting anyway. It's going to use its own crypto for classified stuff.<p>I'd rather not risk another Dual_EC fiasco with everyone trusting NIST to do the right thing, and then it doesn't. They almost messed up SHA3, too, if it wasn't for vocal opposition from the community. They've proven to be untrustworthy a few too many times.