[enaeseth]

Will having the private key allow the decryption of ciphertext that was previously intercepted (while the service was active) and stored? Lavabit was already shut down, so this revocation is equally useless for user security. :(

[bcoates]

If the connection was using a forward-secret key exchange (like DHE or ECDHE), then no. Unfortunately it's common not to and browsers don't do anything to warn people that they're using a low-security mode.

[Amadou]

FWIW, just now I went looking for a firefox plugin that reports (in a human-friendly way) whether or not the SSL connection for a page is using perfect forward secrecy (PFS).

I found "Calomel SSL Validation," which I am about to install. The PFS reporting only works with Firefox 25 and up.

https://addons.mozilla.org/en-US/firefox/addon/calomel-ssl-v...

[davidism]

Thanks for finding this. Calomel's website [1] gives much more information about how the scoring is done as well as security in general; very interesting.

[1] https://calomel.org/firefox_ssl_validation.html

[mstrem]

Also the Netcraft Extension gives you this information: http://news.netcraft.com/archives/2013/09/06/perfect-forward...

[sdfjkl]

Sadly it comes with an awful toolbar.

[porges]

It depends on what ciphersuite was being used for the particular session. Some offer forward secrecy, but not all.