Nice blog 
You might want to add some more stuff to the ECDSA part: since https://github.com/letsencrypt/boulder/pull/1298 has been committed, Boulder can be configured to accept CSR’s with ECDSA public keys. The certificate will be signed with the RSA intermediate certificate ofcourse, but it would be possible to use cipher suits such as ECDHE-ECDSA-AES256-GCM-SHA384 in stead of ECDHE-RSA-AES256-GCM-SHA384…
BTW, currently, the live Boulder server isn’t accepting ECDSA CSR’s. As soon as the LE guys have a chance to enable it, it should be OK.