Over the last several decades, it has become increasingly important to secure data via end-to-end encryption. The Internet has evolved to provide security for connections, primarily using TLS (or SSL), but generally fails to provide true end-to-end encryption. While TLS and similar protocols encrypt data during transit, data at rest is often unprotected, residing in storage on a client or server machine in plaintext. Data in this state are susceptible to honest-but-curious service providers, hackers, physical theft, and coercive governments.

Generic public-key cryptography provides powerful mechanisms to enable end-to-end encryption, but providing good usability for these mechanisms is a challenging task for novice users|leading to the decades-long situation where "Johnny can't encrypt". The primary problems center on user-to-user authentication { authenticating users to each other by associating their identities with public keys. We have made signicant progress authenticating web sites to users (via X509 certicates and associated authorities) and authenticating users to web sites (with passwords). Each of these have their challenges, but have at least been widely deployed. Authenticating users to one another, however, has seen relatively little adoption. Usable mechanisms for personal key management, key distribution, and key authentication are still largely open issues.