>> Since active interception is not nearly so easy as passive listening,
>
> This isn't true of anything but the aether itself or a point-to-point wire
> with integrity. In any switched or networked system with routing, active
> interception is trivial.

Possible? Yes. Trivial? Bullshit. It's all economics, and the resources required to intercept packets and spoof protocols are significantly greater than those merely to watch packets go by. There are many fewer people with these greater resources, which include access to routers.

Both active and passive attacks are possible in a packet forwarding system. Merely because both are possible does not mean that they are the same. D-H is not a panacea, but its use for password transmission would completely solve the Ethernet sniffing problem. That alone indicates that active and passive attacks are different in nature and in the defences appropriate.

D-H doesn't require any prearranged keying material, which is its primary advantage against passive attacks. Since distribution and storage of keying material is an as-yet pragmatically unsolved problem, it is unwise to insist upon prearranged keys when a partial solution, D-H, is available immediately.

Eric