True! This is a long-standing debate between the PGP and S/MIME communities, because this phenomenon makes it much easier for end-users but gives a provider much more power to intercept or interfere with communications.
However, a minority of users might use an out-of-band verification method and there have been many proposals to improve transparency of key exchange in S/MIME, including protocols where all certified keys are required to be made public in a channel outside of the certifier's control (and can't be accepted otherwise). So in principle maybe S/MIME is getting stronger, or will get stronger, against providers' using their position to tamper with communications.
(Edit: Also, depending on the UI of the e-mail client, the provider may have a limited time window in which to perform an undetected attack.)
I get where you are coming from, but that is not necessarily true.
You can also use a set of three TLS-Certificates to encrypt, sign and secure the transmission channel.
Or you can use PGP for message encryption and signing while using TLS to secure the Transmission.
S/MIME is not about securing the transmission channel, it is about identifying that an EMAIL adress (user@exmaple.com) is who she says she is, and about confidentiality of messages (eiter in transit or in storage).
Securing the channel can be done with the right LE Server certificate, on both ends of SMTP TLS sessions.
@schoen maybe it is an idea to talk the the CACert.org people. They are in the business of peoples identity. (peer to peer verification).
S/MIMEās key exchange is done by sending a signed message (in clear) accross. So even the public key is not wide spread and only known to intended parties (as well as eavesdropping parties) this seems a clear & simple procedure to me?
No need to setup some access to a central repository anywhere.
Actually the only thing CaCert.org does when issuing an S/MIME certificate is to contact the mail server and check if the mail account exists. Its not like anyone has to show a personal identification for authentication. However below 50 assurance points the CN is named as āCAcert WoT Userā. The only real requirement seems to be a valid TLS setup. I dont see why a server that has obtained a valid SSL certificate for web and TLS might not issue S/MIME for this domain as well. One problem might be the expiration period, you donāt want them to run out every 90 days.
The real issue with mail encryption is that its rarely done, like https the era before Letās Encrypt.