https://financialcryptography.com/mt/archives/000966.html
If an email can be used to send the key (signed), then why can't an email be
used to request a key? Imagine that we added an email convention, a little
like those old maillist conventions, that did this:
Subject: GETSMIME fc(_at_)example(_dot_)com
and send it off. A mailclient like Thunderbird could simply reply by
forwarding the key. (How this is done is an exercise for the reader. If you
can't think of 3 ways in the next 3 minutes, you need more exercise.)
Seems like a very simple, straightforward way to automate getting someone's
key for S/MIME email purposes. Is it worth doing this as an RFC to get it
standardised in mailers?
Peter.