Tor de farce: NSA fails to decrypt anonymised network

Anonymous Coward

Clarification needed

"while SSL private keys can easily be swiped by asking the CA root to hand it over."

How? My understanding is that root CAs never see the private keys - they just sign the public key. This should mean that whilst they can issue fake certificates enabling MITM attacks they can't actually provide the private key to enable decryption of existing traffic.

So either the above understanding is incorrect. Or They have some secret methodology to obtain private keys from something the CAs have. Or They are doing MITM on a huge amount of traffic which seems unlikely as these should be easy(er) to spot...
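
An added illustration of the distinction drawn in the comment above (not part of the original post or of the article): a toy-RSA sketch in which the CA receives only a name and a public key, so its records cannot decrypt recorded traffic, while a second certificate for the same name chains correctly but shows a different key fingerprint. The key sizes, the name `www.example.test` and every helper function are constructed for the example; real certificates use X.509 and much larger keys.

```python
import hashlib

E = 65537  # public exponent

def keypair(p, q):
    """Toy RSA key from two primes: returns (public, private)."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

def digest(name, pub, n):
    data = f"{name}|{pub[0]}|{pub[1]}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def ca_issue(csr, ca_priv):
    """The CA signs what the request carries: a name and a public key."""
    n, d = ca_priv
    return {**csr, "sig": pow(digest(csr["name"], csr["pub"], n), d, n)}

def chain_ok(cert, ca_pub):
    n, e = ca_pub
    return pow(cert["sig"], e, n) == digest(cert["name"], cert["pub"], n)

def fingerprint(cert):
    return hashlib.sha256(repr(cert["pub"]).encode()).hexdigest()[:16]

def key_changed(pinned_fp, cert):
    """Client-side check: valid chain but unexpected key is worth an alert."""
    return fingerprint(cert) != pinned_fp

def holds_private_exponent(records, priv):
    """True if any value in the CA's records equals the private exponent."""
    return any(priv[1] in (*r["pub"], r.get("sig")) for r in records)

# Constructed keys from Mersenne primes (far too small for real use).
site_pub, site_priv = keypair(2**89 - 1, 2**107 - 1)
ca_pub, ca_priv = keypair(2**61 - 1, 2**127 - 1)
other_pub, _ = keypair(2**31 - 1, 2**521 - 1)

csr = {"name": "www.example.test", "pub": site_pub}  # all the CA receives
cert = ca_issue(csr, ca_priv)
# Constructed "existing traffic": a value encrypted to the site's public key.
recorded = pow(0xC0FFEE, site_pub[1], site_pub[0])
# A second certificate for the same name, bound to a different key pair.
second_cert = ca_issue({"name": csr["name"], "pub": other_pub}, ca_priv)

if __name__ == "__main__":
    print("CA records hold private exponent:", holds_private_exponent([csr, cert], site_priv))
    print("second cert chains to CA:", chain_ok(second_cert, ca_pub))
    print("client sees key change:", key_changed(fingerprint(cert), second_cert))
```

The fingerprint comparison stands in for key pinning or certificate-transparency monitoring, which is how a substituted certificate becomes visible to the client or the site owner.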
