Why is it backwards? It isn't really backwards.
Secure two-way communication is achieved when both ends have certificates and both parties give everyone their public key.
If this is done then anyone, anywhere can send an encrypted (secret) message to either of these two people.
These two people have that same ability and can now send encrypted messages to each other using each other's public key.
This will also work with digital signatures.
Note: you may sometimes be told that you only need a digital certificate to receive encrypted email. While this is technically true, it is not an ideal combination. When someone sends you an encrypted message, you have no way of verifying that the sender is really who they say they are. If the sender also has a digital certificate, then you know that the correct person sent the message. (As an aside, Microsoft decided it was entirely too complicated to explain such things and elected to only allow you to send encrypted email if both ends have a certificate; however, you can still send digitally signed messages with just your own certificate.)
The way you give someone your public key so that you can receive encrypted email is by sending them a signed email from your account first. The recipient must then store the certificate you used (which contains your public key) in their address book to be able to send you encrypted email afterward.
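The exchange described above, run with the OpenSSL command line as an added example (not part of the original page). Alice, Bob, the example.test address and the file names are constructed, and a throwaway self-signed certificate stands in for a CA-issued Digital ID.

```shell
#!/bin/sh
# Constructed demo: Alice and Bob are hypothetical users; all keys are throwaway.
smime_roundtrip() {
    reply=$1
    dir=$(mktemp -d) || return 1
    (
        cd "$dir" || exit 1
        # Alice's Digital ID: private key plus certificate.
        # Assumption: self-signed here; a real email certificate is issued by a CA.
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
            -subj "/CN=Alice/emailAddress=alice@example.test" \
            -keyout alice.key -out alice.crt 2>/dev/null || exit 1

        # 1. Alice sends Bob a signed email; her certificate travels with the signature.
        printf 'Hi Bob, this message carries my certificate.\n' > hello.txt
        openssl smime -sign -in hello.txt -signer alice.crt -inkey alice.key \
            -out signed.eml 2>/dev/null || exit 1

        # 2. Bob checks the signature and stores the signer's certificate
        #    (his "address book"). -noverify skips chain validation only
        #    because the demo certificate is self-signed.
        openssl smime -verify -in signed.eml -noverify \
            -signer addressbook_alice.crt -out /dev/null 2>/dev/null || exit 1

        # 3. Bob encrypts a reply using only the public key in the stored
        #    certificate. -binary keeps the bytes exactly as written.
        printf '%s\n' "$reply" > reply.txt
        openssl smime -encrypt -aes256 -binary -in reply.txt \
            -out encrypted.eml addressbook_alice.crt 2>/dev/null || exit 1

        # 4. Only the holder of Alice's private key can read the reply.
        openssl smime -decrypt -in encrypted.eml -recip alice.crt -inkey alice.key
    )
    status=$?
    rm -rf "$dir"
    return $status
}
```

Calling `smime_roundtrip "some text"` prints the decrypted reply. Bob never holds a certificate of his own in this run, so Alice can read his reply but has no cryptographic proof of who sent it, which is the gap the note above describes.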