Silicon.com: Snooping Bill drives first ISP abroad

Ian BROWN I.Brown at cs.ucl.ac.uk
Mon, 10 Jul 2000 13:45:16 +0100


>Assuming an SSL offshore server, I seem to recall the SSL private key would
>allow you to unlock the traffic *flowing locally through the dialup service*

Depends on the ciphersuite you are using. If you configure your software only to 
use authenticated Diffie-Hellman key negotiation, an attacker can only use the 
(server or client) private key to do a man-in-the-middle attack: it won't let 
him/her decrypt previously captured traffic.

Ian :)
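
An added illustration of the point in the reply above (not part of the original message): a Python sketch that restricts a TLS client context to authenticated ephemeral Diffie-Hellman suites and audits the result, so a captured session cannot later be decrypted with the long-term private key alone. The function names, the cipher string and the sample entries are assumptions made for this example.

```python
import ssl

# OpenSSL key-exchange / authentication labels as returned by
# ssl.SSLContext.get_ciphers(). TLS 1.3 suites report "kx-any"/"auth-any";
# a TLS 1.3 certificate handshake always uses ephemeral (EC)DHE.
EPHEMERAL_KX = {"kx-dhe", "kx-ecdhe", "kx-any"}
ANONYMOUS_AUTH = {"auth-null"}


def is_authenticated_ephemeral_dh(cipher):
    """True if the suite uses ephemeral DH and authenticates the peer."""
    return (cipher.get("kea") in EPHEMERAL_KX
            and cipher.get("auth") not in ANONYMOUS_AUTH)


def audit(ciphers):
    """Split get_ciphers()-style entries into (ok, rejected) lists of names."""
    ok, rejected = [], []
    for c in ciphers:
        (ok if is_authenticated_ephemeral_dh(c) else rejected).append(c["name"])
    return ok, rejected


def dh_only_context():
    """Client context limited to authenticated ephemeral DH suites (hypothetical helper)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # ECDHE/DHE key exchange only; !aNULL drops unauthenticated (anonymous) DH,
    # and static-RSA key exchange is never added in the first place.
    ctx.set_ciphers("ECDHE+AESGCM:DHE+AESGCM:!aNULL")
    return ctx


# Constructed entries in the shape get_ciphers() returns (not captured output).
SAMPLE = [
    {"name": "ECDHE-RSA-AES256-GCM-SHA384", "kea": "kx-ecdhe", "auth": "auth-rsa"},
    {"name": "DHE-RSA-AES128-GCM-SHA256", "kea": "kx-dhe", "auth": "auth-rsa"},
    {"name": "AES128-GCM-SHA256", "kea": "kx-rsa", "auth": "auth-rsa"},
    {"name": "ADH-AES128-GCM-SHA256", "kea": "kx-dhe", "auth": "auth-null"},
]

if __name__ == "__main__":
    print(audit(SAMPLE))                               # static RSA and anonymous DH are rejected
    print(audit(dh_only_context().get_ciphers()))      # rejected list should be empty
```

The suite with `kx-rsa` is the case the quoted question describes: its session keys are encrypted to the server's RSA key, so disclosure of that key exposes recorded traffic.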