Elliptic curve groups have barely been tested for interoperability. The SHOULDs in section 8.3 and 8.4 should be reduced to MAYs. As wonderful as EC cryptography is supposed to be, it is overkill to make it a near-requirement when probably fewer than 10% of implementations today use it. --Paul Hoffman, Director --VPN Consortium