Certification authorities do not, in general, have the private keys corresponding to the public keys they sign. Some CAs will generate a key for you and claim not to keep the private half once you download it, but any security-conscious site will opt to upload a signing request for their own public key instead.
So, that rules out the possibility of passive spying on HTTPS traffic.
As for active spying, a CA could certainly produce a certificate for a MITM attack, but many modern browsers or browser extensions will rapidly detect that, so doing it on a large scale will fail and be detected. The same goes for most security exploits: a large-scale systematic exploit will not pass silently.
MITM or exploits on a small, targeted scale have some chance of working, depending on the target, but if a government-scale entity targets you personally, you're pretty much screwed anyway. HTTPS still effectively protects against a large, systematic, undetected dragnet of traffic.
This is correct. The easiest path for the NSA is simply a FISA court order. The whole cert thing is an interesting academic exercise, but probably completely unnecessary.
Suspicious username for a plant-critique "blabla". If you had read any of the CA posts you'd both know why that is the case, and also how easy it would be to test.
I can give you a private/public key, certificate, the CA (and password for that) and some traffic I've sniffed while interacting with a webserver, using the aforementioned key and certificate.
Good luck decrypting the traffic. The only thing you'd be able to successfully do is pretend that YOUR server is actually mine (and proxy from your server to mine). That's an undetected breach, and an MITM attack.
OP's point is still entirely valid. You got my private key from ME, not the CA, and even then you're unable to decrypt the traffic (past).