The best way to get large parts of the net encrypted would be the opportunistic encryption stuff the FreeS/WAN project was working on.
The basic idea was that if you put public keys in DNS, then systems can check for those and apply IPsec encryption to their packets whenever possible.
For a good discussion of motives:
http://www.freeswan.org/freeswan_trees/freeswan-2. 06/doc/politics.html#policestate
The FreeS/WAN project has ended, but at least two descendants were alive & well last I heard, openswan & strongswan, both at.org addresses.
Slashdot Mirror
The best way to get large parts of the net encrypted would be the opportunistic encryption stuff the FreeS/WAN project was working on. The basic idea was that if you put public keys in DNS, then systems can check for those and apply IPsec encryption to their packets whenever possible. For a good discussion of motives: http://www.freeswan.org/freeswan_trees/freeswan-2. 06/doc/politics.html#policestate
The FreeS/WAN project has ended, but at least two descendants were alive & well last I heard, openswan & strongswan, both at .org addresses.