In fact, the NIST has recommended that all SSL systems be upgraded to 2048 bit keys by January 1st, 2011. This recommendation will have "teeth" for financial institutions that must comply with PCI guidelines, and healthcare that must comply with HIPPA, ARRA, and HITECH regulations.
The problem is that encryption with larger key sizes is computationally much more than 2x expensive. In fact, compute costs are based on a cube of key size, meaning encryption using a 2048 bit private key can be as much as 30x more expensive than 1024 bit.
I agree that website operators should encrypt everywhere, however, encryption with weak keys might be almost as bad as no encryption in the near future, by giving people a false sense of security.
If you are running a serious volume website, you pretty much need SSL accelerators to handle the volume of traffic with 2048 bit encryption. 1-2% CPU load on your web servers can be managed, but 30-60% cannot.
How'd you get 30? From what you said, it sounds like it should be 2^3 = 8 times as expensive.
It depends on the implementation. Some implementations are more computationally expensive than others.
Average of 5x reduction in transactions per second when moving from 1024 bit to 2048 bit keys.
Cost(1024) = (1024*x)^2
Cost(2048) = (2048*x)^2 = (2*1024*x)^2 = 4 * (1024*x)^2
2^3, or 8 times more expensive.
I do hope that the factor on those two numbers is not the same though! So eventually one will win.
Say what you will, but the difficulty of brute-forcing decryption is based on key length. You might be able to optimize the encryption using a certain length, but the key will still be vulnerable if it is only 1024 bit (as the article suggests).
It's the key exchange at the start of a session that requires the server to perform expensive RSA operations, which is why session caching helps.