There was a recent flurry of buffer overflows in SHA3
implementations. I'm aware of at least PHP being affected.
Wanting Ed448 for political reasons, or purely for psychological
comfort reasons, is a perfectly understandable stance to take as a
non-expert.
Unfortunately, the details that experts are privy to matter a ton, and
severely outweigh any notions of having eggs in multiple
baskets. We're open to having our risk calculus checked, but we're
nearly unanimous on this one.
Who's "we" here? I think Filippo has a mainstream take on the 448 curves, but I don't know that your take on SHA3 is widely shared.
We here is people who don't advise using Ed448. It's tautology.
You don't have to agree with the specific reason I cited. That isn't encapsulated by "we". I was providing an additional argument in case the mainstream take isn't sufficient.
You cut the "To add to what Filippo said" part out of the excerpt you quoted, which was the necessary context to understand I was making an additional, supplementary argument.
