The problem with secure email

It would have been convenient today for me to send someone encrypted email. The problem, however, is that they way it works, the recipient would have to have already obtained a certificate† & have sent me a copy of it. And there are very good reasons why it works that way. Getting a free secure email certificate isn't difficult, though I imagine the process could be a bit confusing if you aren't familiar with the technology. (Thawte--whom I've linked to--isn't the only authority that can issue secure email certificates, but it is the one I use.) But beyond that, most people don't even know about them, much less why they should get one.‡ Faced with the prospect of asking a recipient to go through getting a certificate & sending it to me or finding another way to get the information to them, I--of course--choose the latter. So, secure email remains unused. †A bit of an oversimplification for clarity. ‡Besides allowing people to send you encrypted email, a secure email certificate allows you to digitally sign emails you send. This increases the recipient's confidence that a email actually came from you & wasn't spoofed. Incidentally, your certificate is automatically included in a signed email message. Thus a signed message is the typical way to send someone your certificate so that they may send you encrypted email. (Incidentally, it seems that in separating Firefox & Thunderbird into separate applications, Mozilla dropped the ball here. You have to manually export your private key & certificate generated/obtained through Firefox & import them into Thunderbird. At least, I couldn't find an easier way to do it. Presumably people using Microsoft Outlook & Internet Explorer or Apple Mail & Safari have the advantage here.)