said by Steve: said by Blackbird:
True encryption ought to be the standard, not the exception, for traffic on a public-accessed network.
How would you propose, even in broad strokes, for this to happen?
Encryption is trivial, it's key management
that's the hard part.
The ability and the infrastructure is already in place for email. All you need is a free S/MIME certificate like this
for each side. The problem is that although all email clients support the feature, having a certificate is not mandatory. I send dozens of emails to dozens of people daily but majority of them don't have a certificate installed, therefore I can't send them encrypted emails.
All you need for this to become widely used is to make the feature mandatory in popular email clients like Thunderbird or Outlook, etc... When you setup your email client, you add your name, email address, SMTP and POP server addresses and it should download and install a certificate for you automatically and you and the rest of the world would be sending encrypted emails, no training required.
Similar procedures could be implemented and mandated for browsers and popular web servers such as Apache and IIS to use similar key exchange procedures. They just need to be implemented into web browsers and web servers, majority of which by the way, are open source or at least security conscious.
By securing the web browser and email data transfers you would be covering the majority of the Internet data flow and you don't need a key management infrastructure beyond what is already in place.--
You can catch the Devil, but you can't hold him long.