>You send me a signed email from a mutually trusted source. I now have
>your public key, because you can extract it from the signed S/MIME
>email. (I am guessing you can do this with PGP.)

Just replying to a random part of the discussion.

Is there any kind of description and any kind of agreement of what attacks secure mail is supposed to defend against?

Without a clear statement of what it is supposed to do, it is not possible to figure out whether a proposal actually meets that goal. And without a clear goal it is also not possible to figure out if the system is going to be useful or not. People have wildly different ideas of what e-mail security means.

In the context of this discussion, one thing I'm curious about, and something that should be clear from the description of the attack vectors, is who controls a key. To put it in terms of TLS certificates, is an e-mail key 'DV' or 'EV'?

It is easy to come up with lots of ways in which a domain holder can provide a public key for a mailbox at that domain. But is that what we want? In some cases, like corporate mailboxes, probably yes. In other cases, journalists or activists with an e-mail account at a big e-mail provider, probably not.