I'm no expert in this, and I'd like your input: How well is the SSL certificate infrastructure protected? Could the NSA obtain the SSL certificate of let's say, mail.google.com? Or, even worst, could they get their hands on the certificates of a CA? If so, they could intercept almost any communication over HTTPS by using a man-in-the-middle attack, right?