Calm down. Breathe.
What you are suggesting would need support from every MUA out there to work, and you admit yourself it's not a complete fix. Extending SMTP, or going hardcore and implementing something like DIME/DMTP/DMAP or whatever, would be the right thing to do. Of course it would be a complete bitch to extend/replace SMTP at this point, but that doesn't mean we shouldn't try. I honestly do not think extending MUAs to do key exchange is the best approach. Would it be better than what we have? Sure, but I think it would require too much work in exchange for far too little benefit. This might be the time to realize that what we have is not good enough, and build something that is.
Own MUA recognizes returned public key enclosed and imports it, again, preferably without user intervention. Done! This needs to happen automated and in the background (optionally with user-confirmation for advanced folks).
You do see the problem with this, don't you? How do you intend to make sure you get the correct key without manual intervention? You need a separate channel for verification of the key, or MITM attacks become trivial. Setting key verification as "optional" for "advanced folks" would make the whole system useless, and you would be better off without security at all than having security you trust that isn't effective.
The MUA can't do all of this alone anyway, as there is only one channel. You need the key fingerprint verified in some other way.
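The single-channel problem raised in the comment above, as an added Python example that is not part of the original post. Random bytes stand in for public keys, SHA-256 for the fingerprint, and every function name is hypothetical.

```python
import hashlib
import hmac
import os


def fingerprint(public_key: bytes) -> str:
    """Hex SHA-256 digest of the key bytes, used here as the fingerprint."""
    return hashlib.sha256(public_key).hexdigest()


def make_message(public_key: bytes) -> dict:
    """A mail carrying a key and its fingerprint, both in the same channel."""
    return {"key": public_key, "claimed_fpr": fingerprint(public_key)}


def relay_swapping_key(substitute_key: bytes) -> dict:
    """Model of a hop that controls the mail path: the key is replaced and,
    because the fingerprint travels in the same mail, so is the fingerprint."""
    return make_message(substitute_key)


def check_in_band(message: dict) -> bool:
    """All a MUA can do alone: compare the key to the fingerprint in the mail."""
    return hmac.compare_digest(fingerprint(message["key"]), message["claimed_fpr"])


def check_out_of_band(message: dict, fpr_from_other_channel: str) -> bool:
    """Compare against a fingerprint obtained outside e-mail (phone, in person)."""
    return hmac.compare_digest(fingerprint(message["key"]), fpr_from_other_channel)


def demo() -> dict:
    real_key = os.urandom(32)    # constructed stand-in for the correspondent's key
    other_key = os.urandom(32)   # constructed stand-in for a substituted key
    fpr_read_over_phone = fingerprint(real_key)  # second channel (assumption)
    delivered = relay_swapping_key(other_key)    # what arrives in the inbox
    genuine = make_message(real_key)
    return {
        "in_band_accepts_swapped": check_in_band(delivered),
        "out_of_band_accepts_swapped": check_out_of_band(delivered, fpr_read_over_phone),
        "out_of_band_accepts_genuine": check_out_of_band(genuine, fpr_read_over_phone),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The in-band check accepts the substituted key because everything it compares arrived over the same path; only the fingerprint from the second channel tells the two keys apart.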