It's fairly obvious that you have no clue how SSL actually works.
Do you honestly think that it would make sense to set up a completely new domain for each and every user? Do you have any idea what a nightmare that would be to support? Do you think it would be cost effective to spend $50/year per user to implement such a system?
And do you really think that SSL has anything at all to do with the encryption used for storing data inside his system?
Actually you could implement it rather easily using a wildcard cert and a CA provider that provides unlimited signings (like DigiCert). The user goes to "https://myuser.whatever.com", and you use SNI to select the private key.
It might be a pain to manage, and you'd need to get your wildcard cert re-signed for each private key, but that's just logistics.
That would cause any particular user to leak what user on the site they were. In other words, if I connect with https to lavabit normally, anyone watching my connection knows I went to lavabit, but doesn't know what account I am associated with. If I have to hit a subdomain specific to my user, then they know.
It would be a nightmare to manage, and you would have to explain to all 400k of your customers how to connect to the smtp/imap endpoint for that particular user.
Completely and totally unrealistic for an email provider. The support costs alone would bankrupt the company.
Sad that the parent is being downvoted for being 100% correct.
He designed his system to have a single point of failure. The government then exploited that fact because it would allow them to get access to the data they want. This is Lavabit's fault, not anyone else's.
Perhaps the problem is believing that using SSL exactly as designed is the right solution. Somehow tarsnap manages to keep my data safe without relying solely on SSL.
No one designs systems like that because, up until now, the threat of having the feds confiscate your private SSL keys was unthinkable for those of us who don't wear tinfoil hats.
And it's still not 100% clear that forcing a business to hand over their keys is even legal from a constitutional standpoint.
The site wasn't designed to be 100% secure most likely due to it being overly complex and burdensome on the end user, thus reducing uptake. So a compromise was made and that is why it was designed the way it was... thus leading to a subpoena for the entire site since Lavabit didn't comply with handing over a specific user's data.
Also it is legal for the site to hand over their keys, it already happened. The only way it will become illegal is if the law somehow gets repealed.
What? The site WAS designed to be 100% secure, which is why the government demanded he hand over his private keys.
There was no compromise anywhere, financial institutions use the same exact security strategy. An insecure system would be one that makes it easy for a 3rd party to intercept communications (via warrant or through a disgruntled employee or whatever), that is basically what you are suggesting.
But that bolsters the EFF's argument, does it not?
I mean, on a technical level, you may be right, but the 4th Amendment is not something that protects only as long as the government does not exploit these technical details. See Kyllo v. United States.
Because an SSL certificate is linked to a specific domain. It has nothing at all to do with user accounts. Creating a custom domain for each and every user is totally nonsensical from both a business and technical standpoint.
God did not say "Lavabit must only use SSL and cannot use any other measures to fulfill its understood and contractual obligations with customers". That is ridiculous.
Name me one large company using HTTPS, with separate SSL server certs for each user.
Just one. I'll wait.