[justinclift]

One thing that seems to be left out of most discussions around this, is "proof of sender" would likely be compromised.

For example with PGP/GPG, if some "magical" approach was added so messages could be intercepted and then decrypted and read by intelligence/law-enforcement/(etc), it seems feasible those same people may be able to spoof the sender's signature.

eg create falsely signed, encrypted messages that verify as being from the real sender. Extremely good for blackmail/framing/similar. :(

It would depend upon the capabilities of the "magical" implementation approach of course, but it fits the scenario. PGP/GPG is regarded as pretty strong, but SSL/TLS certs already aren't so seem like they'd be much more prone to this.