[stephen_g]

This has been talked about many times now. All compromising a CA lets them do is to create believable certificates to be able to man in the middle connections, but they can't be doing that for a large number of connections because it's resource intensive and detectable.

They still don't have the private keys of the sites if they break into the CA.

[krek]

What are the odds that Google, Yahoo, et al. handed over their private keys, I wonder.

[dlib]

I find this quite plausible, with or without the knowledge of Page, Zuckerberg et al. the NSA might very well have the private keys of these companies. I would not be surprised if the CEO's of these companies choose to be ignorant of the NSA's methods to not have to lie to the public, shareholds and Congress.

Also, given that the world's best engineers work at either high-tech companies or the NSA there will be some who have switched between these industries, giving the NSA/CIA a headstart to get any information these companies hold through old-fashioned spy-tactics.