2013-09-14

Are self-signed certificates actually more secure than CA signed certificates now?

I ask this because recent leaks about the NSA spy programs and the secret FISA courts mean that the US government can force Certificate Authorities in the US to secretly hand over their root certificates and the CAs can't do anything about it because of a secret gag order. Given the US's communication intercepts in all the ISPs and gateways, it would be simple for them to MITM each HTTPS connection coming in and give out their own public key signed with that same root certificate instead, thereby allowing them to intercept the private keys used in the TLS session and forward a copy of all the data back to their Utah data centre for analysis and permanent storage. It seems they've had this capability for a while and there's no telling what information has been stolen. This basically undermines trust in the whole internet.

Knowing this information, would it be technically more secure for a private organisation to generate a self-signed certificate for a server, then manually copy that certificate and give it to their users on a CD/USB drive, then their users would manually load the certificate as trusted into their web browsers? That way if the connection was MITM'd by the US then it would not match the one in their browser.

However because there are already "trusted" CA certificates pre-loaded from Verisign, Comodo et al. into the browser, as the US is performing a MITM attack on the connection, couldn't they just initiate a request to the real server, copy the public certificate information, then create a new certificate based on that information for the domain being requested, sign it with any of the root CA certificates they have which are trusted by the browser, and thus intercept the data? Nobody really bothers to look at these things to see if the certificate was signed by the correct company, Verisign, Comodo or another one. Users are just looking at the padlock. It would only look suspicious to the administrator who remembered they created a self-signed certificate, not a certificate signed by Verisign or some other company.

This just made me realize the US only needs one dodgy CA certificate pre-loaded and trusted into most browsers to be able to perform MITM attacks on anything, they simply swap out a site's real certificate for a new one where they signed it with any of the root CA certificates that are trusted by the browser. If that was the case, then you would need a new browser profile, remove ALL the trusted certificates, load in your own organisation's trusted certificate and use that browser solely for communicating within your organisation. Any MITM attempts would throw up a big warning in the browser.
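The two checks the question contrasts, as an added example that is not part of the original post: a browser-style chain verification against a trust store, versus matching the presented certificate against the exact one an administrator handed out on a USB stick. The script builds a self-signed server certificate, a root CA standing in for any root the browser already trusts, and an interceptor's forged certificate for the same hostname signed by that root. The hostname `intranet.example.org`, the CA name "Trusted Root CA" and the temporary working directory are assumptions for the demonstration; the script needs only a POSIX shell and the `openssl` command-line tool.

```shell
#!/bin/sh
# Added example, not code from the original question. Assumes a POSIX shell
# and the openssl CLI. intranet.example.org and "Trusted Root CA" are made-up
# names used only for this demonstration.
set -eu

WORK="$(mktemp -d)"
HOST="intranet.example.org"   # assumed internal hostname

# 1. The organisation's own self-signed server certificate: this is the file
#    that would be copied to users out of band (CD/USB). A real deployment
#    would also add a subjectAltName; it is omitted here for brevity.
openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
  -subj "/CN=$HOST" \
  -keyout "$WORK/genuine.key" -out "$WORK/genuine.crt" 2>/dev/null

# 2. A root CA that the browser already trusts. Whoever holds its key (or can
#    compel its holder) can sign for any name.
openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
  -subj "/CN=Trusted Root CA" \
  -keyout "$WORK/rogueca.key" -out "$WORK/rogueca.crt" 2>/dev/null

# 3. The interceptor's forged certificate: same subject as the real server,
#    signed by the trusted root. To a user looking at the padlock it is
#    indistinguishable from the genuine one.
openssl req -new -newkey rsa:2048 -nodes \
  -subj "/CN=$HOST" \
  -keyout "$WORK/forged.key" -out "$WORK/forged.csr" 2>/dev/null
openssl x509 -req -days 365 -in "$WORK/forged.csr" \
  -CA "$WORK/rogueca.crt" -CAkey "$WORK/rogueca.key" -CAcreateserial \
  -out "$WORK/forged.crt" 2>/dev/null

# SHA-256 fingerprint of a certificate (AB:CD:...). This, not the padlock, is
# what an administrator would read out or print for users to compare.
fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# What a browser does: accept $1 if a chain can be built to any root in the
# trust store $2. Returns 0 when the chain verifies.
chain_verify() {
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
}

# What distributing the certificate out of band amounts to: accept $1 only if
# it is byte-for-byte the certificate whose fingerprint $2 was handed over.
pin_check() {
    [ "$(fingerprint "$1")" = "$2" ]
}

GENUINE_PIN="$(fingerprint "$WORK/genuine.crt")"

# Browser whose store contains the root the interceptor can sign with: the
# forgery is accepted, exactly as the question describes.
if chain_verify "$WORK/forged.crt" "$WORK/rogueca.crt"; then
    echo "trust store with the CA root : forged cert ACCEPTED"
fi

# Browser profile holding only the organisation's own certificate: the
# forgery fails to chain and would produce a warning.
if ! chain_verify "$WORK/forged.crt" "$WORK/genuine.crt"; then
    echo "trust store with only our cert: forged cert rejected"
fi

# Fingerprint comparison rejects the forgery regardless of who signed it.
if pin_check "$WORK/genuine.crt" "$GENUINE_PIN"; then
    echo "pin check on genuine cert     : match"
fi
if ! pin_check "$WORK/forged.crt" "$GENUINE_PIN"; then
    echo "pin check on forged cert      : MISMATCH"
fi
```

The forged certificate passes chain verification the moment its signing root is in the store, which is why an organisation's own certificate only helps if that is the sole trust anchor, or if users compare the fingerprint rather than the padlock. Pinning the certificate itself means every renewal has to be redistributed; pinning the public key (SPKI) instead survives reissuing the certificate for the same key.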
