[zhemao]

If CloudSigma is using SSL with forward secrecy, tapping the fiber would be pretty useless.

Unless you're suggesting the NSA has compromised CloudSigma's internal network, which is possible.

[cloudsigma]

we do use forward secrecy for all our client facing services and of course accept https only. we are also looking at upgrading from 128bit to either 256bit or even 512bit to offer a further 'extended runway' against future direct decryption :)