[amaccuish]

Was just deciding whether to order smartcards with 4096 RSA or NIST ECC curve support. Whilst not directly related to this, I feel RSA has been examined more closely than ECC given it's long history now of use. Not sure I fully trust the NIST curves, or have faith that ECC implementations have been thoroughly tested.

[tptacek]

I don't think this is a particularly productive way to look at things. RSA has been used for a long time, but the vulnerabilities we find in RSA implementations (for instance, the recent Yubikey RSA keygen flaw) tend to be traceable to things we knew a decade, or sometimes two decades, ago. There's very little general evidence of maturity in crypto development, so that you'd assume that a vendor would learn from industry experience in building something. You just have to sort of guess which constructions they'd have an easier time coding safely.

[myWindoonn]

Disregard feelings, acquire evidence: http://safecurves.cr.yp.to/index.html

[pfg]

One could argue that things like the Infineon prime number generator weakness affecting RSA keys are much more severe than this, but honestly, just flip a coin until modern curves become viable for typical smartcard use-cases.