
> Evidence of the NSAKEY being a backdoor includes some description of how the backdoor might work...

It would only work one way with an API relying on a PKI with a single CA, zero transparency, and trusted keys named after spy agencies suddenly appearing out of nowhere. I'm gonna bail here, because I'm now not sure if you honestly don't know what the CAPI was in relation to the NSAKEY - or if you're trying to waste my time by getting me to explain the most basic principles of public key infrastructure.



Here is a basic principle of public key infrastructure: anything signed by one CA can be signed equally well by another, unless the code is designed to give one CA special permissions (like EV certs, in the HTTPS PKI).

You are wrong on the facts: there is not a "single CA" - there is _KEY in addition to _NSAKEY.

So, this brings me back to the point I mentioned at the top of the thread: why didn't the NSA just demand a copy of the private key for _KEY instead of a separate key? A separate key always carried a risk, and also required a rebuild - handing over _KEY could have happened immediately. If _NSAKEY has special permissions, can you point me to where in disassembled CAPI code / leaked source these special permissions are implemented, and what they are?

Your conspiracy theory is "The NSA is evil and also stupid." This is a more complex, less likely, and less worrisome conspiracy theory than "The NSA is evil." If the only thing we have to worry about from the NSA is things bungled as badly as this alleged _NSAKEY backdoor and the actual Dual_EC_DRBG backdoor (which was noticed by cryptographers basically instantly), we have nothing to worry about. That doesn't seem like the rhetorical position you want to take.
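To make the PKI principle in the comment above concrete, here is an added example; it is not code from this thread and not Microsoft's CAPI code. It builds a verifier that trusts two roots, labelled "_KEY" and "_NSAKEY" purely as illustrative names, with Ed25519 key pairs derived deterministically from a seed so it runs offline. Under a plain any-trusted-root policy a payload signed by either key verifies identically and the caller is never told which one signed; a root only gets "special permissions" if the verifier contains a branch like the hypothetical verifyPrivileged below that names the key and checks which one produced the signature. The payload is a constructed sample; all type and function names are this example's own.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// Root is one trusted verification key. The names are illustrative labels
// for this example, not identifiers taken from any real binary.
type Root struct {
	Name string
	Pub  ed25519.PublicKey
}

// newRoot derives a reproducible Ed25519 key pair from a label so the example
// runs offline. A real CA key is generated from a CSPRNG, never from a label.
func newRoot(name string) (Root, ed25519.PrivateKey) {
	seed := sha256.Sum256([]byte("example-seed:" + name))
	priv := ed25519.NewKeyFromSeed(seed[:])
	return Root{Name: name, Pub: priv.Public().(ed25519.PublicKey)}, priv
}

// whichRoot returns the name of the trusted root whose key verifies sig over
// payload, or "" if none does.
func whichRoot(roots []Root, payload, sig []byte) string {
	for _, r := range roots {
		if ed25519.Verify(r.Pub, payload, sig) {
			return r.Name
		}
	}
	return ""
}

// verifyAnyRoot is the plain multi-root policy: any trusted root is as good
// as any other, and the caller learns nothing about which one signed.
func verifyAnyRoot(roots []Root, payload, sig []byte) bool {
	return whichRoot(roots, payload, sig) != ""
}

// verifyPrivileged is a hypothetical policy that grants some action only when
// one named root signed. Without a branch of this shape somewhere in the
// verifier, the roots are interchangeable.
func verifyPrivileged(roots []Root, privilegedRoot string, payload, sig []byte) bool {
	return whichRoot(roots, payload, sig) == privilegedRoot
}

// Outcome collects the checks so they can be inspected without parsing output.
type Outcome struct {
	AnyRootAcceptsA  bool   // payload signed by "_KEY", any-root policy
	AnyRootAcceptsB  bool   // payload signed by "_NSAKEY", any-root policy
	SignerOfB        string // which root the verifier can attribute sig B to
	PrivilegedWithB  bool   // sig B accepted when only "_KEY" is privileged
	PrivilegedWithA  bool   // sig A accepted when only "_KEY" is privileged
	TamperedAccepted bool   // sig A over a different payload
}

func scenario() Outcome {
	rootA, privA := newRoot("_KEY")
	rootB, privB := newRoot("_NSAKEY")
	roots := []Root{rootA, rootB}

	payload := []byte("constructed sample CSP module") // constructed input
	sigA := ed25519.Sign(privA, payload)
	sigB := ed25519.Sign(privB, payload)
	tampered := []byte("constructed sample CSP module, modified")

	return Outcome{
		AnyRootAcceptsA:  verifyAnyRoot(roots, payload, sigA),
		AnyRootAcceptsB:  verifyAnyRoot(roots, payload, sigB),
		SignerOfB:        whichRoot(roots, payload, sigB),
		PrivilegedWithB:  verifyPrivileged(roots, "_KEY", payload, sigB),
		PrivilegedWithA:  verifyPrivileged(roots, "_KEY", payload, sigA),
		TamperedAccepted: verifyAnyRoot(roots, tampered, sigA),
	}
}

func main() {
	fmt.Printf("%+v\n", scenario())
}
```

The point of the example is the shape of the code, not the key names: anything signed under "_KEY" and anything signed under "_NSAKEY" passes verifyAnyRoot identically, and the only place a second root could be treated differently is a routine like verifyPrivileged that explicitly compares the signer. That is exactly the code the comment asks to be pointed at.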


It really feels like you’re trying to distract from the fact that you have no idea how the supposed NSAKEY backdoor works if it exists.

How would the signed payload to activate this backdoor be delivered? Where’s the code that receives it? Where’s the code that then processes that signed payload?

It’s not like this stuff is terribly hard to reverse; you’ll almost certainly be able to easily find all the symbols and probably even leaked source on various NT-related forums.
