4 comments

[ 5.4 ms ] story [ 17.6 ms ] thread
This is over-the-top and forgets more than a few things (e.g. almost every desktop e-mail client can be easily persuaded to send e-mail in the clear); nonetheless, the basic point is sound.

A more comprehensive solution - something along the lines of http://news.ycombinator.com/item?id=2047794 - would be needed, unless we are willing to reduce the internet to HTTP (well, SPDY, but that's basically the same thing).

With all the trusted root CAs pre-installed into most browsers, a governmnent that wanted to could easily take over their local CA, have a cert issued to them for Facebook, Twitter, etc. and man-in-the-middle all your SSL-secured connections as much as they want.
(comment deleted)
What is the point of this article? (I mean no disrespect.)