Petraeus should have used PrivateSky
Browser based identity based encryption with embedded 2-factor authentication - http://privatesky.me
- PrivateSky is a browser based encrypted messaging and managed file transfer service. The keys are only available to the sender and recipient, not even CertiVox staff can access the keys. They are not physically able to comply with CALEA requests, as all encryption and decryption happens in the browser. 
- Summary? Why is SSL not needed for the site? (could I MITM some JavaScript that does something bad?) - The domain is registered via an American provider, using a proxy service. This seems strange.