NSA owning VPNs is not surprising given the pathetic state of VPN technology as currently deployed. Widespread use of group keys, PPTP and challenge-response authentication. A tragedy of nonsense that the NSA would have to be negligently incompetent to not take full advantage of.
It isn't like this is a big secret or that people don't know better. The bells have been ringing for years ... dare I say decades in some cases, yet many in a position to know better simply don't care.
What is interesting to me is that the distance between EC and RSA in terms of relative key size vs security seems to be shrinking by quite a lot.
Honestly I never put much stock in differences between precomputation vs having to start over.
I know practically it makes it a lot easier to do a lot of damage, but from my perspective, if you have the resources to pull off something just once, even if that effort can't be reused, the technology has already failed.
I have not been able to quite figure out what they meant when they said TLS is broken. I understand the part about being able to negotiate parameters with a TLS extension, yet at the end of the day, if you are able to break lowest-common-denominator crypto so badly that you can compromise the handshake, then secure negotiation must also cease to be secure.