What's Holding Back Encryption?

nine-times writes "After many years in IT, I've been surprised to notice how much of my traffic is still unencrypted. A lot of businesses that I interact with (both business and personal) are still using unencrypted FTP, and very few people use any kind of encryption for email. Most websites are still using unencrypted HTTP. DNSSEC seems to be picking up some steam, but still doesn't seem to be widely used. I would have thought there would be a concerted effort to move toward encryption for the sake of security, but it doesn't seem to be happening. I wanted to ask the Slashdot community, what do you think the hold up is? Are the existing protocols somehow not good enough? Are the protocols fine, but not supported well enough in software? Is it too complicated to manage the various encryption protocols and keys? Is it ignorance or apathy on the part of the IT community, and that we've failed to demand it from our vendors?"

Re:Apathy

[westlake]

It's like personal home protection for many people - they don't want a gun in the house until after they've been robbed the first time

Understanding the problem correctly is the first step to a solution.

You don't want a gun in the house.

You want to ward off an intruder without a confrontation.

The armed encounter is damned unpredictable. You don't know when it will happen or who will have to face it.

Maybe your ten year old kid can pull it off.

But you might come home to find her dead.

Re:encryption alone

[hclewk]

You apparently don't pull as much weight with your company as I do with mine. A fact that is likely due, in part, to not following (e)stablished spelling practices.