On Sep 10, 2013, at 12:32 PM, Phillip Hallam-Baker <hallam@xxxxxxxxx> wrote: > The CA NEVER ever gives the user the key in any of the systems I have worked on. This appears to be untrue. > Comodo offers that exact service today. > > https://secure.comodo.com/products/!SecureEmailCertificate_Signup The Comodo service generates the key pair for you. This means that they have your private key. We would hope that they would behave responsibly, but we don't have the assurance we would have if we generated the key pair and sent them only the public half. > Eliminate the CA and you eliminate the parties with the incentive to sell the solution. Who cares? You can't get people to buy what they don't want. > Whatever scheme is picked to complete secure email there is going to be a problem finding end users certs and end user policies. And there may be a market for solving that problem just like there is a market for blocking spam. There is a market for it, but right now it's very small, because nobody but people whose activities _require_ a secure channel are interested in the product.