I think the revocation misses the point: "if" the NSA has been logging all the traffic from Lavabit for the last 6 months, they can now use the SSL key to decrypt all the data they've stored. It's not just about future communications, but about decrypting the past.
> “[W]e’re compelled by industry policies to revoke certs when we become aware that the private key has been communicated to a 3rd-party and thus could be used by that party to intercept and decrypt communications”<p>This raises an interesting possibility of civil disobedience. Imagine if there was a site hosted in, say, russia, which received tip-offs from NSL recipients about these SSL seizures. And imagine they then informed the SSL issuers, who would revoke the certs, rendering the old ones useless and forcing the FBI back into court, with no-one to point a finger at.<p>I suppose the FBI would just request an order for all future certs as well.
already discussed at <a href="https://news.ycombinator.com/item?id=6517553" rel="nofollow">https://news.ycombinator.com/item?id=6517553</a><p>no need for a Forbes link of all.things.
<i>Thanks to Lavabit’s design, Levison could not simply offer a tap of a particular user’s communications if that user had paid for a secure, encrypted account.</i><p>That line really bothered me. The government demanded access to all user's data and this line places the responsibility for that onto Lavabit. The government wants all of our data, all of the time. They are the responsible party not Lavabit.
The site is down due to Lavabit's decision. GoDaddy pulling it's certificate is just a PR move. GoDaddy supported SOPA, which is very much in line with what NSA demanded of Lavabit.
<i>Knowing that the FBI has Lavabit’s keys, GoDaddy shuttered its secure site.</i><p>Next: Getting a judge to forbid GoDaddy etc from revoking the certificates.<p>Interesting times we live, a parallel reality is created