Rick Moen via luv-main writes:
But if you stay clear of the particular NIST EC option, then other EC options are okay.
Well, that's the interesting question, isn't it? It's not at all clear that such are OK. (Please see links.) Much has necessarily been cast into doubt.
My (armchair, inexpert) impression is that this isn't a reasonable inference. It'd be like saying "the wheel feel off my bicycle, therefore all wheeled vehicles are suspect".
For me specifically as opposed to most people here, the subversion of NIST was particularly irritating because it's funded by _my_ tax dollars. ('Their recommendtions' were seemingly fed to them by No Such Agency -- and NIST had the abysmal judgement to accept same uncritically.)
You may also wish to be angry about more broadly, about https://en.wikipedia.org/wiki/FIPS_140-2#Reception http://opensslrampage.org/post/83555615721/the-future-or-lack-thereof-of-lib... You may also wish to be angry about the slow takeup of IPSec. ISTR rumours of the NSA filibustering the design committee, with the goal of making it so painful to use that most people wouldn't bother. Mission accomplished.