[dingaling]

> It technologically impossible/impractical to have a separate SSL cert for each user, that is just not how the HTTPS protocall was designed

Not impossible; each paying user[0] could be granted their own subdomain based on username and then an SSL cert issued specific to that domain.

What really stands out from reading the unsealed documents is that there was no separation of data and control within Lavabit; Mr Levison argues at one point that handing-over the SSL certs will also expose his administrative commands. Well, tough. Control and data should never flow in the same channel, particularly when handling data for which you have already received and processed warrants in the past.

[0] there were only 10,000 users paying for the high-security service. The other 400,000 were on the standard offering, without at-rest encryption.