Background

I've seen that Comodo has an elliptic curve root ("COMODO ECC Certification Authority"), but I don't see mention of EC certificates on their web site.

Does Certicom have intellectual property rights that prevent other issuers from offering EC certificates? Does a widely-used browser fail to support ECC? Is ECC a bad fit for traditional PKI use like web server authentication? Or is there just no demand for it?

I'm interested in switching to elliptic curve because of the NSA Suite B recommendation. But it doesn't seem practical for many applications.

Bounty Criteria

To claim the bounty, an answer must provide a link to a page or pages at a well-known CA's website that describes the ECC certificate options they offer, prices, and how to purchase one. In this context, "well-known" means that the proper root certificate must be included by default in Firefox 3.5 and IE 8. If multiple qualifying answers are provided (one can hope!), the one with the cheapest certificate from a ubiquitous CA will win the bounty. If that doesn't eliminate any ties (still hoping!), I'll have to choose an answer at my discretion.

Remember, someone always claims at least half of the bounty, so please give it a shot even if you don't have all the answers.