A few comments:

First, to do the encryption (at least with S/MIME) you need more than the 
public key, you need the entire public key certificate chain.

There's a certificate database (cert*.db) that contains public key certs,
including trusted CA certs; and there's an encrypted private key DB (key*.db).

Today, when you send encrypted email with Communicator by checking the 
encryption check box, NSS automatically finds the public key cert for the
recipient(s) in the cert db, based on the recipient(s)'s email address(es).  
That functionality is also in NSS's S/MIME toolkit, which hopefully will
be used to put S/MIME into Mozilla.

If Communicator 4.x cannot find the cert in the cert DB, or it is expired, 
there is code to attempt to import the cert from a directory server into the
local cert DB.  I don't know if PSM supports that functionality or not.

I'm trying to make the point that even without the participation of LDAP, 
we have automated support for making encrypted email easy.  

--
Nelson Bolyard               Sun / Netscape Alliance
Disclaimer:                  I speak for myself, not for Netscape
