I recently started using both an ECC (Comodo) and an RSA (GeoTrust wildcard) cert on www.isc.org, and what we're discovering is that the level of root cert adoption is wildly disparate.
Case in point, Comodo's ECC intermediate certs aren't even on their site:
Additionally, SSLLabs penalizes me for having certificate issues, because I have all the certs required for maximum visibility.
It's my general feeling that if your client is doing a cipher order that allows you to use ECDHE ciphers, and thus prefer our ECC certs, you should probably have a current cert bundle, but we're a somewhat visible organization, so when we break, people notice, complain on Twitter, email us asking if we've been hacked, etc.
It would be nice if we could still get an "A" on ssllabs in this case -- something we could point people at and say "no, please update your browser".
Ivan, any ideas as to how we could get both dual-certs, and get an A?
ISC Operations Group