> Red herring. We are never discussing active MITM in these NSA threads because they don't do that.
I believe that this quote in the article pretty much implies an active attack.
For individuals who put encryption on their traffic, we understand that there would need to be some individualized solutions if we get a wiretap order for such persons...
That was the FBI talking, not the NSA (I'm the author of the article). Everything we've learned about the NSA in the last decade thanks to whistleblowers points to widespread passive surveillance. If anything, NSA is extremely hypercautious about revealing its surveillance methods and techniques, which active attacks could do.
I can envision the NSA wanting to undertake active attacks in rare situations, but we don't know whether it has the technical ability to do so under its relationship with AT&T/Verizon/etc. Also even AT&T/VZ/etc. that have historically opened their networks to the NSA for passive surveillance -- in violation of the law -- may have second thoughts if the attacks are active. I suppose you could posit the installation of devices at the target's ISP, but, again, we have no evidence this is something NSA does.
Seems like NSA is using 'individualized solutions' as a term of art for which we don't know their real definition. But based on recent disclosures we're probably safe going with the wildest possible interpretations.
Red herring. We are never discussing active MITM in these NSA threads because they don't do that.
We are discussing offline decryption of monitored SSL traffic, which a CA's key does not help with in any way.
For that attack, you need the server's long-term key and they have to not be using PFS modes.