All classical encryption methods (including the NBS standard) suffer from the“key distribution problem.” The problem is that before a private communication canbegin, another private transaction is necessary to distribute corresponding encryptionand decryption keys to the sender and receiver, respectively. Typically a privatecourier is used to carry a key from the sender to the receiver. Such a practice is notfeasible if an electronic mail system is to be rapid and inexpensive. A public-keycryptosystem needs no private couriers; the keys can be distributed over the insecurecommunications channel.
Discussion
I think this is truly a problem that will continue forever and cannot be solved. In the end, where should the "root of trust" be? One solution would be to root and provision a hardware wallet. Another solution would be to use biometric authentication. Or maybe social recovery with shared multisig. But either way, I think that anything you put online requires a certain kind of "giving up".