In fairness, you're a Hacker News reader. I don't think we should be making regulations and defending them with "sure only experts really know what these things are, but that's fine". Regulations shouldn't rely on people being experts, they should keep people secure even when they're not experts. Regulations more in this vein are things like building regulations, electrical standards, hospital regulations, etc. I know basically nothing about this stuff, and if I get shocked because of bad wiring no electrician anywhere will say, "well you should've been an expert electrician, your fault buddy". But that's exactly what happens in the non-security dev community right now. "Well you should've been an expert in public key cryptography, your fault buddy". It's just not realistic.