

How fucked is SSL? - jacobian
https://gist.github.com/alex/5760270

======
anologwintermut
Google actually has forward secrecy which prevents an attacker from doing
anything passive even if they have google'e key.
[http://www.imperialviolet.org/2011/11/22/forwardsecret.html](http://www.imperialviolet.org/2011/11/22/forwardsecret.html)

Of course, if they have access to google's servers(and can get the ephemeral
keys) or can mount active attacks, this doesn't stop anything.

