The lack of opportunistic encryption in most protocols is indeed depressing. Clearly a case of the perfect (end to end authentication) being the enemy of the good (protection from passive eavesdropping), although in fairness, active MITM attacks are much easier on most IP networks than on something like the PSTN or in-person with which people are more intuitively familiar, at least near the endpoints (or by carriers)
We really need some kind of caching of keys, like ssh does, where users are alerted only if a key changes. Combine that with some smart way to do real authentication after the fact (i.e. start using a site, don't trust it much, but when you're ready to start using it for high trust stuff, do a more in-depth validation), and security for end users would be vastly improved.
We really need some kind of caching of keys, like ssh does, where users are alerted only if a key changes. Combine that with some smart way to do real authentication after the fact (i.e. start using a site, don't trust it much, but when you're ready to start using it for high trust stuff, do a more in-depth validation), and security for end users would be vastly improved.