Security means encryption + integrity + authentication.
Why? Why should this be the standard for "security"?
Because so far it's the best we have. And because security is only as strong as the weakest link.
You seem, however, to disagree. What would, in your opinion, be a reasonable standard for end-to-end security?
I'm not sure what you mean by Mozilla "blacklisting" basic encryption. As far as I know, self-signed certs work just fine in Mozilla. With a warning, of course - as it should be (and IMHO, that warning should be much stronger than it already is).
Just don't highlight self-signed certs with a yellow lock bar was all anyone could want.
You seem to forget that the web is not only visited by people like you, me, and most of the
And since you seem intent on throwing NSA around - while it may be easier for them to just sniff traffic, they really have no problem in mounting a MITM attack (see links in my previous post). And while it has not been proven yet, they might just as well have the ability to generate their own certificates, trusted by the major browser vendors (see here - but again, keep in mind that this is just speculation at the moment).
So even if we have encryption+authentication, it still may not be enough. Not when faced with an attacker which has the resources to break the chain of trust.
I won't even get started on the fact that the NSA has knowingly attempted to compromise encryption standards.