Attribution is a massive problem when it comes to attacks. An IP address source does not mean that the attacks were Iranian in origin. It is distinctly possible that the Iranian systems were compromised, or that people were using Iranian hosts to cover their tracks (try getting a US-led forensic investigation team to get logs from an Iranian system).
It is also possible that after Stuxnet, the Iranian government and military have had to consider their options and that this would be an option (bearing in mind that CNNIC-signed certificates have been accepted in Firefox for a while and that CNNIC have been involved in surveillance ops on people in China).
As for what's actually happening, the people that know are probably unwilling to discuss it on Hacker News or the EFF website.
We don't know. If it was, do you really think it would be their only operation? Who else would have the capability to massively MITM SSL within a geographical area? I'm not suggesting it was the Iranian government (to clarify, neither was my post above), but for someone to go after the certs it would be expected they'd want to have somewhere (or at least someone) to MITM in mind.
How many Iranians use Yahoo Mail? How many people of interest outside of Iran use Yahoo Mail?