On Tue, Sep 23, 2014 at 05:17:49PM -0400, Scott Kitterman wrote:
I use both OpenPGP and S/MIME on a regular basis and in no case where I use
one would the other be suitable primarily because of the differences in trust
models you describe. While they both sign/encrypt email their use cases are
disjoint in my experience.
Apple's Mail.app on desktops allows an S/MIME key to bound via
Keychain to a particular correspondent, without placing any trust
in whatever CA may have issued the certificate. This makes S/MIME
usable with a TOFU trust-model.
So for me the sweet-spot has been S/MIME with direct (leap of faith)
trust. I am disappointed when I can't use TOFU with S/MIME in some
other MUAs.
--
Viktor.