This is a REALLY good article about the reality of forward encryption (that is, whether or not you can decrypt a network stream after the fact if you someday discover the server’s private key).
Originally shared by Jean-Marc Liotier
The state of Perfect Forward Secrecy today…
http://news.netcraft.com/archives/2013/06/25/ssl-intercepted-today-decrypted-tomorrow.html
Kind of scary. If you want a secure connection you need to find a Russian server.
Robert Love made an excellent comment on this article: “In a nutshell, PFS is how you’d think SSL ought to work.”