Maybe so, but given the relatively minor advantages of ECC certs I can see why a CA might not want to take any risks. They are sitting ducks for patent trolls.

I think ECC will still happen, though we end up back into NSA fear territory thanks to the stupid way secp256r1 was defined. Hopefully there's no back door.

On Fri, Mar 21, 2014 at 1:25 PM, Adam Back <adam@cypherspace.org> wrote:

According to Bernstein it's patent FUD (expired, ancient and solid prior
art).

http://lists.randombit.net/pipermail/cryptography/2013-August/005126.html

Adam

On Fri, Mar 21, 2014 at 12:33:57PM +0100, Mike Hearn wrote:

Oh, one other reason I found - apparently RIM, at least in the past,
has been telling CA's that they need to pay mad bux for the Certicom
ECC patents. So that's another reason why most certs are still using
RSA.