This is one of the keys in the discussion, in my opinion. I do not believe we
should react to specific revelations alone - at best those describe a
situation at a fixed point in time. But we do need to realise that the
Internet is pretty vulnerable to a large class of attacks. I think we should
improve the situation.
As for the how - I think cryptographic protection for a bigger fraction of
Internet traffic is a necessity. Of course there are many tradeoffs to
exactly how we go about that - and I think we're having exactly the right
discussions about those tradeoffs in various lists. It is not an easy choice.
But it is one that we need to get to the bottom of.
That's my usual cue to do my duty and chime in that we need to fix
protocol fundamentals as well - if a protocol has poor privacy
practice it's not enough to hide its content.
Scott