This is over-the-top and forgets more than a few things (e.g. almost every desktop e-mail client can be easily persuaded to send e-mail in the clear); nonetheless, the basic point is sound.
A more comprehensive solution - something along the lines of http://news.ycombinator.com/item?id=2047794 - would be needed, unless we are willing to reduce the internet to HTTP (well, SPDY, but that's basically the same thing).
With all the trusted root CAs pre-installed into most browsers, a governmnent that wanted to could easily take over their local CA, have a cert issued to them for Facebook, Twitter, etc. and man-in-the-middle all your SSL-secured connections as much as they want.
4 comments
[ 5.4 ms ] story [ 17.6 ms ] threadA more comprehensive solution - something along the lines of http://news.ycombinator.com/item?id=2047794 - would be needed, unless we are willing to reduce the internet to HTTP (well, SPDY, but that's basically the same thing).