Presumably that's the problem. We'd have a possibly zero amount of end-to-end security, coupled with a possibly zero amount of trust in the remote endpoint, but we have 20 years of human factors experience demonstrating that people trust SSL by default even when they shouldn't.
On Thu, Apr 3, 2014 at 7:44 AM, Bob Ippolito <bob@redivi.com> wrote:
If it works, how would it be worse than using no encryption whatsoever? Sure, maybe there would be a false sense of security, but it seems like a step in the right direction.