What's a "just passive" adversary, other than a "potentially active adversary that chooses not to use the information they're collecting to leverage an active attack"?
Nobody likes the CA problem, but you can't handwave the problem away.
TACK (which provides auto-pinning) is hopefully going to be a solution to the lack of trustworthiness in CAs, but TACK's deployment model also presumes a CA infrastructure.
Well, more or less exactly what you said. An active attack is detectable, a passive one is not. There is no risk to me if I walk around with a wifi adapter in promiscuous mode just recording traffic. Actually doing a mitm exceeds my admittedly low risk tolerance.