[yellow_badger]

"You think your HTTPS connection is securely encrypted, but wait, couldn’t the U.S. government generate a brand new fake certificate, give it to the NSA, and then serve that to you? Your web browser won’t raise any alarm bells. The SSL certificate is valid, and it is signed by a Certificate Authority that is trusted by your computer."

I think it's highly unlikely that they'd do that, as there's a chance that the fake certificate could be used as evidence against them later. A valid certificate for google.com signed by the US Govt CA would raise a few eyebrows.

If the NSA really wants to MitM you, it wouldn't surprise me if they had backdoor access to the real GeoTrust Global CA, either by bribery, National Security Letter or even "dark arts" that the real GeoTrust knows nothing about.

[mike_hearn]

Bear in mind they don't actually need to hack or coerce a CA to get them to issue a fake cert. CAs check ownership of a website by either sending an email or doing a regular HTTP request to the website i.e. doing the sort of request that QUANTUM is very good at intercepting and redirecting.

In other words the NSA could MITM the CA<->website connection and get themselves a cert issued in the regular manner.

However I do not believe they are doing this at any meaningful scale, and possibly not at all. It's clear from the Snowden archives that they focus almost exclusively on malware. That has a lot of advantages for them over creating fake SSL certs.

Also bear in mind that certificate transparency is a multi-year plan to prevent secret issuance of certificates. So there is effort being done to reveal such attacks even before they are happening. Not too shabby!