In Serious Cryptography, in the intro to chapter 12, you say that a 256-bit EC key is stronger than 4096-bit RSA. What's your source?
That's saying a 384-bit EC key is equivalent to a 7680-bit RSA key, which is probably based on the NIST recommendations:
keylength.com/en/4/
They consider 256-bit EC keys and 3072-bit RSA keys to be the equivalents to 128-bit symmetric keys in their recommendations.
I don't really see the point in fretting about it. Session keys need to hold up over a very long period of time. DHE and ECDHE are where the key strength really matters. A site's certificate gets rotated away. Captured sessions are forever. Breaking them in 15 years could matter.


