In particular, it's crazy that I can't just stick a public key for my email address in the DNS record for my domain, and have email auto E2E encrypt to it.
(No, that wouldn't scale for gmail, but they could do a two level thing, where the gmail key signs the public key for each mailbox -- assuming people bothered to set up their own keys, or that gmail just silently opted them in to server side encryption.)
In particular, it's crazy that I can't just stick a public key for my email address in the DNS record for my domain, and have email auto E2E encrypt to it.
(No, that wouldn't scale for gmail, but they could do a two level thing, where the gmail key signs the public key for each mailbox -- assuming people bothered to set up their own keys, or that gmail just silently opted them in to server side encryption.)