You send me a signed email from a mutually trusted source. I now have
your public key, because you can extract it from the signed S/MIME
email. (I am guessing you can do this with PGP.)

Just replying to a random part of the discussion.

Is there any kind of description and any kind of agreement of what attacks
secure mail is supposed to defend against?

Without a clear statement of what it is supposed to do, it is not possible
to figure out whether a proposal actually meets that goal. And without a
clear goal it is also not possible to figure out if the system is going to
be useful or not.

People have wildly different ideas of what e-mail security means.

In the context of this discussion, one thing I'm curious about, and something
that should be clear from the description of the attack vectors, is who
controls a key.

To put it in terms of TLS certificates, is an e-mail key 'DV' or 'EV'?

It is easy to come up with lots of ways in which a domain holder can provide
a public key for a mailbox at that domain. But is that what we want?
In some cases, like corporate mailboxes, probably yes. In other cases,
journalists or activists with an e-mail account at a big e-mail provider,
probably not.