7

Does Perfect Forward Secrecy (PFS) make Man-in-the-Middle (MitM) attacks more difficult? If not, why?

Bob Ortiz
Geremia

1 Answer

12

Not really. PFS means that if an attacker obtains your private key in the future, they cannot use it to decrypt recorded communications in the past. They can still use it to impersonate you ("you" being your server) if they have a MitM position. This allows them to record and/or modify all the plaintext.

Without the legitimate server's private key (or a fraudulent certificate for said server, and said certificate's private key), MitM on a TLS connection is pointless (aside from certain attacks against bugs in the TLS implementations). PFS makes no difference here.

Now, PFS does matter for forward secrecy of encrypted data obtained through passive recording. MitM is definitely a way to obtain that recording - your ISP could do it, for example, since they always have an MitM position on you - but it could also be done via passive eavesdropping without actually being in the middle of the connection. Examples include wiretapping, connecting to a hub (not a switch) and putting your network interface in promiscuous mode, monitoring an unencrypted WiFi network (capturing all traffic transmitted), and so on. If your attacker is doing anything like that, either from an MitM position or not, PFS is relevant because it means even if they later get the server's private key they can't decrypt the recorded TLS traffic.

CBHacking
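The distinction drawn in the answer above, as an added example that is not part of the original answer: a toy finite-field Diffie-Hellman model in which a recorded session is later attacked with the server's stolen long-term key. The group parameters and all function names are assumptions chosen for illustration, and the signature that would authenticate the ephemeral server share is omitted.

```python
import hashlib
import secrets

# Toy group for illustration only (assumption; far too small for real use).
P = 2**127 - 1   # a Mersenne prime
G = 3

def keypair():
    """Return (private, public) for the toy group."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def kdf(shared):
    """Derive a session key from the shared group element."""
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()

def handshake(server_longterm_priv, forward_secret):
    """Run one session; return (session_key, transcript visible on the wire)."""
    c_priv, c_pub = keypair()                 # client's per-session share
    if forward_secret:
        # Fresh per-session server key. The long-term key would only sign
        # s_pub (signature omitted here) and never enters key derivation.
        s_priv, s_pub = keypair()
    else:
        # The long-term key itself takes part in key agreement.
        s_priv = server_longterm_priv
        s_pub = pow(G, s_priv, P)
    session_key = kdf(pow(c_pub, s_priv, P))
    # In the forward-secret case s_priv is discarded when this returns.
    return session_key, {"client_share": c_pub, "server_share": s_pub}

def decrypt_recording_with_stolen_key(transcript, stolen_longterm_priv):
    """Key a passive recorder can derive after a later key compromise."""
    return kdf(pow(transcript["client_share"], stolen_longterm_priv, P))

def demo():
    """Map each mode to whether the recorded session key was recovered."""
    longterm_priv, _ = keypair()
    results = {}
    for label, fs in (("static", False), ("ephemeral", True)):
        key, recorded = handshake(longterm_priv, fs)
        guess = decrypt_recording_with_stolen_key(recorded, longterm_priv)
        results[label] = (guess == key)
    return results

if __name__ == "__main__":
    print(demo())
```

The model covers only the recorded-traffic case; it does not model authentication, which is where the long-term key still matters for new sessions in both modes.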