[StavrosK]

It seems like you're saying "we should all use encryption as much as possible so it becomes the background". It also seems like you don't think you're saying that.

[Nrsolis]

What I'm saying is that this technology is a small piece of a solution set to a big, hard problem.

Technology and crypto are the easy parts. Infrastructure, legislation, and user behavior are the bigger pieces and a much harder problem.

We have had secure email systems for better than two decades. They are VERY poorly deployed. Why? We have had secure voice systems for even longer. Why is the encryption on these systems so poorly designed?

I don't trust machines to keep my secrets for these very reasons. I have little faith that more crypto will fix anything. That's what I'm saying.

[StavrosK]

A nit: Email encryption is very hard to get right, but voice encryption is a solved problem (Silent Phone, RedPhone, etc do it very well).

[Nrsolis]

Voice encryption was available with the STU-III for a long long time.

When was the last time you saw a STU-III in an office? Ever? It's because the security capability isn't worth the trade off and friction it creates for business.

The dirty little secret is that the whole process of doing key exchange and verifying that you have a solid connection between two trusted parties is NOT a widely solved problem.

TRUST between two parties that have never met is NOT a solved problem at scale unless you consider SSL a solution and there are a lot of people who think that SSL is broken in many regards.

Think of all the features that a modern enterprise phone system has:

Call waiting Three way calling Conference bridges Voicemail CallerID Call Parking Assistant Mode ...et al. Regulatory archiving

You don't get ANY of those with ANY commercially available secure phone system. The same problems you have with using secure email at scale you have with secure voice.