What should I know before configuring Perfect Forward Secrecy?

PFS has gained attention in our audit department because of its innate ability to limit our exposure if someone steals our private key.

  • What pitfalls or common mistakes should I be aware of before implementing this? Anything administrative, implementation-specific, or platform-specific?
  • Are there misconceptions regarding what PFS can and can't do? Could our Audit department need a reality check?
  • Are the benefits of PFS limited by application? (web vs smtp, etc)

Some of these concerns come from this answer, which seems to imply that not all web clients will support PFS. Prior to making PFS mandatory on our server, I would like to account for and prepare for the incompatibilities.

  • Would it be reasonable to expect my OS vendor or load balancer (SSL Offloading) to support reporting of encryption used? I'd like to generate usage statistics.
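The last bullet asks how to get usage statistics on the encryption actually negotiated. The following is an added example, not part of the question above: it takes server access-log lines that include the negotiated TLS protocol and cipher suite (nginx exposes these as `$ssl_protocol` and `$ssl_cipher`; Apache as `%{SSL_PROTOCOL}x` and `%{SSL_CIPHER}x`) and tallies how many connections used an ephemeral key exchange. The log layout `addr protocol cipher "request"` and the sample lines are constructed for this example; the classification rule is the real one for OpenSSL-style suite names: TLS 1.2 and earlier give forward secrecy only with an ECDHE or DHE (also printed EECDH/EDH) key exchange, while every TLS 1.3 suite is ephemeral by construction.

```python
import re
from collections import Counter

# Constructed sample log in an assumed nginx-style log_format:
#   $remote_addr $ssl_protocol $ssl_cipher "$request"
# The last line is a plaintext (or failed-handshake) request, logged as "- -".
SAMPLE_LOG = """\
203.0.113.10 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 "GET / HTTP/1.1"
203.0.113.11 TLSv1.2 AES256-SHA "GET /login HTTP/1.1"
203.0.113.12 TLSv1.3 TLS_AES_256_GCM_SHA384 "GET /api HTTP/1.1"
203.0.113.13 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /api HTTP/1.1"
203.0.113.14 TLSv1 RC4-SHA "GET /old HTTP/1.0"
203.0.113.15 - - "GET / HTTP/1.1"
"""

LINE_RE = re.compile(r'^(\S+) (\S+) (\S+) "(.*)"$')

# OpenSSL suite-name prefixes that denote an ephemeral (EC)DH key exchange.
EPHEMERAL_PREFIXES = ("ECDHE-", "DHE-", "EECDH-", "EDH-")


def is_forward_secret(protocol: str, cipher: str) -> bool:
    """True when the negotiated key exchange is ephemeral.

    TLS 1.3 suites (TLS_AES_*, TLS_CHACHA20_*) do not name the key exchange
    because it is always (EC)DHE, so TLS 1.3 is forward secret regardless of
    suite. For TLS 1.2 and earlier, only ECDHE/DHE suites qualify; static RSA
    key exchange (e.g. AES256-SHA, RC4-SHA) is fully exposed if the private
    key leaks.
    """
    if protocol == "TLSv1.3":
        return True
    return cipher.startswith(EPHEMERAL_PREFIXES)


def parse_line(line: str):
    """Parse one log line; return None for unparseable or non-TLS requests."""
    m = LINE_RE.match(line)
    if not m:
        return None
    addr, proto, cipher, request = m.groups()
    if proto == "-" or cipher == "-":
        return None  # no cipher negotiated: plaintext or handshake failure
    return {"addr": addr, "protocol": proto, "cipher": cipher, "request": request}


def pfs_stats(log_text: str) -> dict:
    """Count TLS requests, how many were forward secret, and who was not."""
    total = pfs = 0
    by_cipher = Counter()
    non_pfs = []
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None:
            continue
        total += 1
        by_cipher[rec["cipher"]] += 1
        if is_forward_secret(rec["protocol"], rec["cipher"]):
            pfs += 1
        else:
            # Keep the client address so legacy clients can be tracked down
            # before PFS-only suites are made mandatory.
            non_pfs.append((rec["addr"], rec["protocol"], rec["cipher"]))
    return {
        "tls_requests": total,
        "pfs_requests": pfs,
        "pfs_ratio": pfs / total if total else 0.0,
        "by_cipher": by_cipher,
        "non_pfs": non_pfs,
    }


if __name__ == "__main__":
    stats = pfs_stats(SAMPLE_LOG)
    print(f"TLS requests: {stats['tls_requests']}, forward secret: "
          f"{stats['pfs_requests']} ({stats['pfs_ratio']:.0%})")
    for addr, proto, cipher in stats["non_pfs"]:
        print(f"  non-PFS client {addr}: {proto} {cipher}")
```

Run it against real logs before restricting the cipher list: the `non_pfs` entries are exactly the clients that will break once only ECDHE/DHE suites are offered. Two caveats the counter cannot see: a load balancer doing SSL offloading must be the one logging the cipher (the backend only sees plaintext), and an ephemeral handshake is only as forward secret as the session resumption material around it, so TLS session ticket keys have to be rotated rather than kept static.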