Sorry, I was confusing this with something else (ECDH_RSA suites, where you can achieve decent levels of forward secrecy by signing a new ECDH key offline every minute or so). All ECDHE_ suites need the high value key to be online at all times, because the signed data includes per-handshake values.