[liberationtech] Why ~not~ S/MIME?

[Ali-Reza Anghaie]

For obvious reasons we're in another spike of "everyone should PGP"
discussions - pretty much every direction you look. This always tugs
at the back of my mind - why not push S/MIME a bit more?

In my own experience the most common adoption problems with PGP for
the uninitiated is getting the software to work where they want it and
managing keys (including finding another person's key).

Taking this from a push for adoption approach and not "our" ideal
solution approaches, consider:

- S/MIME is implemented in more places stock
- S/MIME has at least one well supported Gmail option in
https://www.penango.com/
- S/MIME directories are generally more apt to "just work" for the
end-user once setup
- S/MIME certificate management is more intuitive for first-timers IMO

The two big objections to S/MIME I see more frequently are downloading
your certificate from third-party and cost to get certificate. Both
problems I think can be more easily solved than the adoption problems
(on a wider bases) with PGP. Security and OPSEC failures can be
posited between the two solutions at all levels - *shrug* ..

So - broadly - why not work on the gaps in getting S/MIME more widely
deployed? Why is it so often entirely disregarded? -Ali