[phkamp]

And you think NSA with their enormous budget and a mandate to collect "everything" looks askance at the CA's and go "Nope!" ?

Really ?

How many of the root-certs that are in your browser by default do you actually trust ?

What objective evidence is there, that any of them can be trusted ?

[faker_]

Nobody says that. We are all aware of that. But we shouldn't make it easier for our local ISPs or WiFi access operators to spy on us. Because those very probably don't have the CAs compromised.