As previously illustrated, shared key encryption relies on each party having some prior association or trust with the other. To decrypt the message, Party B must already know the secret password used by Party A. If these two parties have never communicated before, the password must be exchanged using some other means. This exchange may take place in the form of a phone call, a letter, a separate email, or a face-to-face meeting. Unfortunately, each of these means has one or more significant drawbacks.
The most significant drawback to all of these, apart from speed, cost, location, and identity confirmation, is the simple requirement of human interaction. People would have to establish a new relationship with every other person they want to communicate with and maintain a library of shared secret passwords for each of those parties. If 10 people each had nine unique relationships with every other party, that's 90 distinct shared secrets. At 100 people, we're talking 9,900 unique shared secrets. Now imagine a website dealing with one million customers, or even more. There has to be a better way.
