From a recent Mozilla discussion...
Services like Skype already provide end-to-end encryption to hundreds of
millions of users without any need for a guide or so.
S/MIME encryption OTOH is a dated off-line scheme requiring message encryption
and decryption, while still not addressing core issues such as who is talking
to who, although that becomes fairly irrelevant since there are no users worth
mentioning.
It is in this context worth mentioning that governments in the EU are creating
WS*-based messaging frameworks that (within their own community at least) offer
transparent encryption and signatures. Due to the fact that governments
should not indulge in secret actions (excluding CIA here), encryption at the
service level is exactly what they want; i.e. you should be able to see what
has been exchanged based on logging.
How can you trust a service? I don't have a conclusive answer to that except
that this is a fact, otherwise Microsoft Live, Google mail, and hundreds of
thousands of other "cloud computing" services wouldn't exist.
Another related issue is secure citizen-to-government communication. In the
EU, practically all states work with centralized mail-boxes on the web to which
you authenticate to. My own work FWIW, is very much focused on these
developments because they have proved to scale and are in fact just government
versions of Microsoft's and Google's stuff.
Please go ahead with S/MIME but be aware that the odds that you succeed are
extremely low. If I had an interest in scalable secure end-to-end messaging,
I would start with a blank piece of paper and see what the options are. In
case you do, please send me the draft because I'm still a little bit curious at
least :-)
Sincerely
Anders Rundgren