Much like one of the posters in that thread I was confused by the headline. I kept waiting for dire warnings about drawbacks of a monoculture that never came. I’ve always been wary of putting all my eggs in one basket. Is it because they’re talking about a monoculture of algorithms and not implementations this is not a problem here?
[Comment removed by author]
It’s a different kind of trust. It’s not like we’re taking his word that all these things are secure, these systems have all been peer reviewed, the math verified, and many attacks attempted. We’re moving to them because they appear to be better.
There is some trust involved, there might be a systematic flaw in Bernstein’s thinking, but with the review all these things have received it would also be a systematic flaw in the security community generally. That’s the same trust we’ve always had to have.
One of the advantages of a one man show is that it bounds the complexity of the proof of correctness. More sophisticated protocols designed by committee often get out of hand. Everybody pushes decisions down, like “a reasonably competent implementer should avoid this pitfall.”
Assume one programmer can verify the correctness of a 100 line program. Would you assume ten programmers can verify the correctness of a 1000 line program?