KnectIQ has discussed these problems with technical staff from startups to large corporations to national security officials. Nobody disagrees with any piece of our analysis – private keys expose communication, Certificate Authorities do the same, and every user must manage their devices correctly for security to be assured. This is all established fact.
But technical staff’s role is to solve business problems given agreed upon requirements. The requirements they are currently operating under allow only existing tools (PKI, CAs) to secure data in flight, so it is not surprising that industry keeps using the same flawed tools.
The cybersecurity community needs to raise the bar on security by updating requirements to make digital communication safer. Collectively, we don’t need to throw away the old system, but we do need to enhance it. Insisting that our secure communication be restricted to known parties and that its performance is auditable can ensure progress, and KnectIQ does exactly this.