I would like a public debate over the fact that crypto systems (such as an internet connection over SSL) being able to be degraded to lower crypto or no crypto at all without us knowing is part of the problem.

So much of a problem, so much of a perfect espionage/surveillance tool, that one wonders whether this was specifically designed to do so by powers that be.

In other words, we live in a world where every actor of the internet tells us the communication systems are correctly designed and any vulnerabilities found are patched and the world can move on. This is basically a lie. Communication systems are specifically designed to degrade crypto being used without letting users know about it.

I certainly would like to know, if my connection is expected to do SSL, that a server decides to in fact not use SSL, or weaker SSL. My tool should have a default configuration aborting such connection whenever that happens, or prompt me and let me choose, assuming this rarely happens.

Anything short than this is just spitting on everyone face. Security experts out there who have the chance to have a voice and influence that we use should make a ultimatum so software providers implement this and we can all move on with renewed trust.

Come on, it's getting old.