extra trouble to install it. The proof is the market penetration of PGP. Only the geeks tend to use it and SSH is only used by SA geeks. The general market DOESN'T CARE!
As part of a side business, we do an incredible amount of real e-commerce, mostly electronic funds tranfer via the Federal Reserve Banking system (ACH batch processing - Qdebit.com). We see roughly several levels of clients: 70% - "Huh? We're secure, only I have the root password" (actual quote) 10% - Encryption is hard, how about we ZIP the file we send via FTP? (not bad, it helps...) 10% - SSL encrypted XML posts. 5% - SCP (SSH) file transfer, known keys on each side + passwords. 5% - Hardware encryption, leased line, keys for hardware encryption and passwords delivered in seperate parts by different people after identity verification. No physical connections to gateway systems. (Federal Reserve, Chase Manhatten Bank...) We even had one client swear his IBM MQ Series system he used for transfering data and files over the 'net was IDEA encrypted, and we should not worry about the large batches of name,address,SSN,routing,account#... information. Plugged in a sniffer and watch it all pass in plain text. I also blame the difficulty level to install basic encryption software, but if my 16 year old "skateboard head" son and 19 year old "art major' daughter can install PGP and encryption programs to keep their old man (me) from reading their e-mail and opening up their files on the home and school network... It can't be that hard. Until real data encryption is built into the Operating Systems and all software... --mike--