You're on a Huawei to Hell, US Sec State Pompeo warns allies: Buy Beijing's boxes, no more intelligence for you

bombastic bob

Re: If everything's encrypted, what's the problem?

Even when you encrypt with SSL, if you can sniff the opening sequence (DH key exchange specifically), you can decrypt the traffic. It would still take a little bit of work, but you can see examples of this happening in Wireshark when you view an HTTPS stream [for example].

So yeah, a router that can capture the entire stream could render encryption useless. The only way around this would be to have a secure tunnel using known certificates on both ends, along with some kind of randomly generated salt, and no decryptable key exchange up front [PGP actually does something like this already, as a good example]. But that would be subject to a form of cryptanalysis where you study a large amount of traffic to crack the certs. So nothing is perfect if you don't rotate the keys every time, and so on.

That being said, a possibly 'more secure' PGP for long-distance traffic would be a good way to ensure good encryption across 'teh intarwebs' and various network backbones and so forth, but once it gets on the LAN at its destination, it's probably gonna get hoovered up if spyware [soft, firm, or hard] exists in the routers and PCs.