It's possible to do client-side known-public-key verification, which would detect a MITM attack. The idea is basically maintaining a local trusted cert list (other than the broad ones in the OS), but using known site public keys instead of root signing certificates (which I will admit are a security nightmare for SSL).
Chrome does this for Google-controlled domains; they call it "public key pinning." I'm not sure if any of the other major browsers do it, but it would be pretty simple to implement.
Even if the government had a root CA-signed cert for "mail.google.com", Chrome would throw an error because the government's signed cert public key would not match the public key pinned inside the Chrome browser source code. Chrome would barf with a certificate error.
It's possible to do client-side known-public-key verification, which would detect a MITM attack. The idea is basically maintaining a local trusted cert list (other than the broad ones in the OS), but using known site public keys instead of root signing certificates (which I will admit are a security nightmare for SSL).
Chrome does this for Google-controlled domains; they call it "public key pinning." I'm not sure if any of the other major browsers do it, but it would be pretty simple to implement.
Even if the government had a root CA-signed cert for "mail.google.com", Chrome would throw an error because the government's signed cert public key would not match the public key pinned inside the Chrome browser source code. Chrome would barf with a certificate error.