So, do we DSCP or COS ?
What are the benefits or issues? Based on my current understanding then DSCP is the way forward when working with Cisco based infrastructure. If you mark DSCP on the switch (2960+) then its automatically mapped to its DSCP value as the switch forwards the packet.
As the packet hits the router then unless a specific policy is in place the packet will be forwarded as is with the markings intact.
If the packet passes through an ASA then again as with the router the packet will be forwarded intact. If the the traffic is part of an IPSEC VPN then the ASA will inject the mapping into the encrypted packet and as long as you have a similar trust domain at the far end then the marking will be processed end-to-end.