Security Model for e-mail

Most server security
client application must verify server
Make sure server client connected to
is the server it claims to be
Done using certificate
Owner of certificate has Private Key
Can prove ownership
Certificate contains identity
Client identity largely irrelevant
Server serves everyone

Useless for e-mail

For e-mail
client identity most important
Actual human user identity
Server largely irrelevant