Users often communicate with each other over the Internet in an unsecure manner. Unsecure communications are acceptable for many purposes where the information communicated is of a non-sensitive nature.
However, there are many contexts in which the information communicated is actually or potentially sensitive, such as when communicating confidential business details, conducting e-commerce, and the like. In such contexts, the communicating users should employ systems with cryptographic capabilities that can encrypt and decrypt the communicated information. This prevents intermediate parties—such as active eavesdroppers, or systems such as routers that make up the Internet architecture—from being able to obtain the communicated information in its original plaintext form.
The cryptographic infrastructure needed to allow users to easily and transparently secure their communications can be complex. Delegation of cryptographic functionality entails a certain degree of trust of the infrastructure components that provide the functionality. Accordingly, a third-party organization providing the cryptographic functionality may be able to exploit this trust to obtain the original, unencrypted communications. Such a risk may not be acceptable to some users, e.g., when conducting highly sensitive communications.