When resistance is so damn easy, and capitulation so self-destructive, who would co-operate? You could not force a Linux distro or Mozilla to distribute that cert. It could not be done.
[edit] https works based on trust. We trust the browsers and OS vendors to at least try to prevent the CAs from abusing their power. As soon as it becomes obvious that the OS and browser vendors are now letting state actors compromise all traffic, then https is dead in the water and something else will come along. Nobody is going to risk that happening. It would cost too many rich people too much money.
That's very well thought-out. The tinfoiler in me wonders if that's true, though, and if there aren't subtler avenues for circumvention that still target this trust-based system, especially via social engineering.
I had little interest in security before Snowden, so admittedly, I need to lurk moar and keep learning. Thanks for offering another argument I can try to fit against new facts I encounter and helping me continue that process.