He gave up the cert, there was no PFS-only configuration, plus, presumably the FBI got to do their surveillance except instead of the target's email, they could read everyone's. So no, you are not right.
I was not aware he gave up the cert in the end. Thought he just closed website without disclosing TLS cert. Now it looks way worse than I imagined.
Anyway, I really hope that it leads to adoption of backward-compatible and secure email protocols. Server encryption can't be trusted anymore anyway, we need end-to-end encryption.
The business with the cert was just the final outcome. The initial mistake was making and selling snake oil. It is possible for someone to innocently do this, out of inexperience and ignorance.
Over time, though, it's become increasingly clear Ladar Levison is just a snakeoil salesman who misled his users. He's never acknowledged he did anything wrong. Don't fall for his posturing about 'Freedom'.
From what I read, he gave up the SSL cert by printing out a hard copy in a tiny font, and when he was ordered to provide a digital copy, he shut down the service.
> At approximately 1:30 p.m. CDT on August 2, 2013, Mr. Levison gave the F.B.I. a printout of what he represented to be the encryption keys needed to operate the pen register. This printout, in what appears to be four-point type, consists of eleven pages of largely illegible characters.
And:
> On August 8th, rather than turning over the master key, Levison shut down Lavabit.