I'm glad S/MIME gets a mention because I've always been skeptical of it based on the fact that everyone rallies behind PGP.
I recently failed to install gpg2 on freebsd (for some reason it barks at me and fails and I don't care enough to waste my time on it) and decided to give S/MIME a chance with a signed cert from comodo. (which was free, just to try)
I have to say though the experience is beyond reasonable, it's very easy to get to grips with. If you're using S/MIME, I see a little verified badge in my client, not only that, if I've receieved signed mail from you, I can reply with an encrypted document that only you can decrypt.
This works with CC's and everything. The CA cargo-cult crap definitely has a benefit when it comes to web-of-trust.
No, that's the beauty. Once you emailed a person your validated cert is saved in their outgoing keychain.
No more public key exchange. I checked and Thunderbird often checks the CRL for the certificate I have. I also checked revocation of that certificate and thunderbird shows a big warning about it being invalid. (although it doesn't specify expired or revoked).
I recently failed to install gpg2 on freebsd (for some reason it barks at me and fails and I don't care enough to waste my time on it) and decided to give S/MIME a chance with a signed cert from comodo. (which was free, just to try)
I have to say though the experience is beyond reasonable, it's very easy to get to grips with. If you're using S/MIME, I see a little verified badge in my client, not only that, if I've receieved signed mail from you, I can reply with an encrypted document that only you can decrypt.
This works with CC's and everything. The CA cargo-cult crap definitely has a benefit when it comes to web-of-trust.
(YMMV, I was using Thunderbird)