After the new revelations, every site that's using SSL should be using Perfect Forward Secrecy with it, too. Right now, only a few known companies like Google (only for the search engine probably), DuckDuckGo, and Ixquick/Startpage are using it.
Considering the NSA is collecting as many keys as possible, let's at least make their job exponentially harder by encrypting every session and every message with a new key with PFS. It's the least these companies can do, if they're serious about their users' privacy.
Also, as Bruce is saying - use 3072-bit or even 4096-bit RSA keys (or better alternatives) and AES-256 as soon as possible (hopefully within a year).
Whilst it makes perfect sense, it's an exercise in frustration. An asymmetric key is usually used to protect a shared symmetric key. Generating a strong asymmetric key on a phone, for example, takes bloody ages. As ever, strong security comes at the expense of usability.