[AnaniasAnanas]

Banks are not known for using the best/safest solutions. Just take 4 digit pins and 3DES into account for example.

> who only offer certs of RSA and P-{256,384}?

I am pretty sure that nginx and openssl only recently added support for ed25519 certificates. Although to be honest I don't really like the idea of let's encrypt. The addressing system that tor uses has solved that issue already.

> but where most browsers use secp256r1?

This is an issue. Browser vendors should prioritize the djb algorithms.