[ef4]

The thing is, doing it correctly still actually requires quite a bit of understanding.

The hard part has always been key management. If a user doesn't have a properly managed web of trust, they have no real assurance of privacy or authenticity.

I think the people who are actually in a position to fix this problem are the social networks. Imagine if the act of joining Facebook caused a keypair to be generated by you, and friending someone brought their key into your web of trust with some sensible defaults.

Unfortunately Facebook has no incentive to build such a thing. But maybe something third party can leverage all those social connections to help users manage keys in a more natural way.