> Access to the master keys for a SSL/TLS session isn't like that at all. They could retroactively capture, archive, and decrypt any traffic to the site at all with nothing but the undetectable network taps we already believe they have.
They can't in every case, especially for Google, who use a newer SSL that supports perfect forward secrecy. You are completely correct in the differing magnitudes of attack detectability though.
I believe that Google has changed them several times even in the last few years though, so it could be that even they don't have access to the old static keys anymore.
They can't in every case, especially for Google, who use a newer SSL that supports perfect forward secrecy. You are completely correct in the differing magnitudes of attack detectability though.