On Tue, Sep 23, 2014 at 05:17:49PM -0400, Scott Kitterman wrote: > I use both OpenPGP and S/MIME on a regular basis and in no case where I use > one would the other be suitable primarily because of the differences in trust > models you describe. While they both sign/encrypt email their use cases are > disjoint in my experience. Apple's Mail.app on desktops allows an S/MIME key to bound via Keychain to a particular correspondent, without placing any trust in whatever CA may have issued the certificate. This makes S/MIME usable with a TOFU trust-model. So for me the sweet-spot has been S/MIME with direct (leap of faith) trust. I am disappointed when I can't use TOFU with S/MIME in some other MUAs. -- Viktor.