True, but we're putting a lot of trust in third parties in that situation, no? HTTPS requires us to say "sure Verisign [or insert authority here], I believe you." If I'm doing that, why not just trust Google? Why use email encryption at all?
SSH is more in our control, but it's still trusting a third party (a server) and it still requires a deliberate act to set up and use (unlike HTTPS).
SSH is more in our control, but it's still trusting a third party (a server) and it still requires a deliberate act to set up and use (unlike HTTPS).