They could get a valid key pair from a CA and MITM the connection. It could be detected if the user knows what the public key should be and compares it with what they received, but that seems pretty unlikely.
>It could be detected if the user knows what the public key should be and compares it with what they received, but that seems pretty unlikely.
There is no need to know what the public key should be - only that there are several [more than expected] different keys. Any distributed organization (including Google itself, who can be fully expected to monitor which certs their users receive, especially after the Iran/DigiNotar story) could notice it and thus identify the MITM. Thus Google must be on it. Thus there is no need to involve extra certs from a CA, though of course I'm not arguing against the NSA's ability to do that.
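The detection the reply describes, as an added example that is not part of the thread: a distributed organization collects (vantage point, host, certificate public-key fingerprint) reports, checks them against the set of keys it expects for each host, and flags any vantage points that saw a key outside that set. Fingerprints and vantage names below are constructed placeholders.

```python
from collections import defaultdict

# Constructed observation reports: (vantage_point, host, spki_fingerprint).
# In practice the fingerprint would be a hash of the served certificate's
# public key; here the values are placeholders, not real fingerprints.
OBSERVATIONS = [
    ("client-us-1", "mail.example.com", "sha256:KEY-A"),
    ("client-us-2", "mail.example.com", "sha256:KEY-A"),
    ("client-eu-1", "mail.example.com", "sha256:KEY-B"),  # legitimate rotation
    ("client-ir-1", "mail.example.com", "sha256:KEY-X"),  # unexpected key
    ("client-ir-2", "mail.example.com", "sha256:KEY-X"),
    ("client-us-1", "www.example.com", "sha256:KEY-C"),
]

# Keys the operator knows it serves per host (both old and rotated-in keys),
# so a rotation does not raise a false alarm. Constructed for the example.
EXPECTED_KEYS = {
    "mail.example.com": {"sha256:KEY-A", "sha256:KEY-B"},
    "www.example.com": {"sha256:KEY-C"},
}


def distinct_keys_per_host(observations):
    """Count how many different keys each host was seen serving."""
    keys = defaultdict(set)
    for _vantage, host, fingerprint in observations:
        keys[host].add(fingerprint)
    return {host: len(fps) for host, fps in keys.items()}


def find_unexpected_keys(observations, expected):
    """Return {host: {unexpected_fingerprint: sorted list of vantage points}}.

    A host with an entry here was seen serving a key the operator does not
    own; the vantage list shows where the interception was observed.
    """
    report = defaultdict(lambda: defaultdict(set))
    for vantage, host, fingerprint in observations:
        if fingerprint not in expected.get(host, set()):
            report[host][fingerprint].add(vantage)
    return {h: {fp: sorted(v) for fp, v in fps.items()} for h, fps in report.items()}


if __name__ == "__main__":
    print(distinct_keys_per_host(OBSERVATIONS))
    print(find_unexpected_keys(OBSERVATIONS, EXPECTED_KEYS))
```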