@tapdattl@lemmy.world Hey, I’m late but I may have found something you like! It’s not for S/MIME but for OpenPGP keys, another method of email signing and encryption which does not require the certification by an authority (Actalis)

It’s a website to list all OpenPGP public keys, and I know thunderbird (for desktop at least) automatically looks there whenever you write an email to an address to see if it has a public key.

As far as I understand, there are some advantages and disadvantages on OpenPGP, mainly :

• Actalis generates your private key, so if you follow the S/MIME tutorial they’ll be able to decrypt your messages. With OpenPGP it’s done locally on your computer so you don’t need to send your private key to anyone.
• However, there is no way to easily revocate an OpenPGP key, so if yours leak, you can’t just go on your Actalis dashboard and revocate it.

It’s up to you to pick a method based on your needs!

I don’t think it’s possible to do that, but I have no experience on this since I don’t use my own email server so I could very well be wrong.

So as I understand :

1. Actalis is a trusted authority among others but is the only one to issue free S/MIME certificates that I found. You need to use a trusted authority to make the signature, or else your email client will say “Cannot verify signature authenticity” and show a red badge. This explains it better
2. When you sign your email, you include your public key in the signature. So just sign every email (usually an option in your client) to let anyone you email have your public key. I don’t really understand why you would need to change stuff in the email server.