Maybe so, but given the relatively minor advantages of ECC certs I can see
why a CA might not want to take any risks. They are sitting ducks for
patent trolls.

I think ECC will still happen, though we end up back into NSA fear
territory thanks to the stupid way secp256r1 was defined. *Hopefully* there's
no back door.


On Fri, Mar 21, 2014 at 1:25 PM, Adam Back <adam@cypherspace.org> wrote:

> According to Bernstein it's patent FUD (expired, ancient and solid prior
> art).
>
> http://lists.randombit.net/pipermail/cryptography/2013-August/005126.html
>
> Adam
>
>
> On Fri, Mar 21, 2014 at 12:33:57PM +0100, Mike Hearn wrote:
>
>>   Oh, one other reason I found - apparently RIM, at least in the past,
>>   has been telling CA's that they need to pay mad bux for the Certicom
>>   ECC patents. So that's another reason why most certs are still using
>>   RSA.
>>
>