> On 3 May 2022, at 12:24 am, Keith Moore <moore@xxxxxxxxxxxxxxxxxxxx> wrote: > > I'm not convinced that that's the (only or even most important) reason, or that it's even true. From my perspective there have been several barriers to adopting S/MIME and/or PGPMIME, e.g. lack of MUA support, lack of email domain CAs and support for them among root CAs, lack of a well known and trusted set of root CAs such as exist for the web (it's not clear that they should should be the same set), lack of a standard key discovery mechanism, and (mostly I suspect) lack of mindshare. > > When there are multiple barriers to solving a problem, any one of those problems can become an excuse to avoid solving the other problems. Key distribution and discovery isn't the fatal problem, the fatal problem is that encrypted email is unusable once received and stored. Until encrypted email is usable (**search**, long-term signature validation, personal private key rollover, ...), all the key distribution tech in the world won't make it worth adopting. PHB's mathematical mesh might come closer to addressing the key distribution problem, but then we'll still have all the hard MUA issues. Someone will have to want to build MUAs that really solve the usability issues. I don't see that happening in a space dominated by cloud web mail providers, not sure it lines up with their business models... -- Viktor.
