From: David Sternlight <david(_at_)sternlight(_dot_)com>

any means except S/MIME.

Not bad! If a user has to exercise positive seeking behavior to get a
self-signed CA cert ...

Get a clue, please. The "any means except S/MIME" suggestion was intended
to demonstrate absurdity, not be taken seriously.

"Positive seeking behavior" is a property of applications, not of
protocols. If an MUA is designed to fetch and install root certs
automatically, without user intervention, then the specific protocol
(LDAP, http, ftp ...) used to transport the cert is immaterial.

Please discuss application design and security ergonomics somewhere
else - it is off-topic for the IETF S/MIME protocol working group.