Re: NIST is being prudent
> Personally, I think ECC has years of life (and world+dog is moving towards it)
Almost certainly.
> and that the NSA's recent about-face is more politics than anything else (e.g. http://cacr.uwaterloo.ca/~ajmeneze/publications/pqc.pdf ).
There are many possibilities. FUD is definitely one. But let's assume the NSA is privy to a non-NOBUS attack (i.e., one they think someone who isn't the NSA could discover) against ECC. If it's a QC attack, then it will be a long time before it's economical to apply it to traffic that isn't very valuable to the attacker. Even if it's a conventional attack, the economics may not make it worth attacking generic HTTPS traffic and the like.