Annoyance of the Day: S/MIME and Mac Mail

Peter Cooper Jr.

S/MIME has what in my opinion is a flaw: there’s no authentication of the time that a message is sent. As far as I can tell, there aren’t even any proposed extensions out there trying to fix this. As a result, when one signs an email message with a valid certificate and the signing certificate’s expiration date then passes, one gets an error on later trying to read the message, as the authenticity of the message can no longer be verified. (Signed code doesn’t have this problem: the signer can have a third party add a signed timestamp to the code signature, so that the code can still be verified as having been signed by a valid certificate as of the date of the signature, even after the certificate’s expiration date.)
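What this looks like at the verifier, as an added example that is not part of the original post: it uses the OpenSSL command line rather than Mac Mail, a constructed self-signed one-day certificate in place of a CA-issued one, and `-attime` to stand in for opening the message at a later date. The function and file names are made up for the demo.

```shell
#!/bin/sh
# Added illustration. Sender name, file names and the self-signed certificate
# are constructed for the demo; a real S/MIME certificate is issued by a CA.

# Create a 1-day signing certificate and an S/MIME-signed message in dir $1.
make_signed_mail() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed Sender" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null || return 1
    printf 'Constructed message body.\n' > "$1/msg.txt"
    openssl smime -sign -in "$1/msg.txt" -signer "$1/cert.pem" \
        -inkey "$1/key.pem" -out "$1/signed.eml" 2>/dev/null
}

# Verify the message in dir $1 as if the reader's clock showed epoch time $2.
# The certificate is evaluated at the verifier's own "now" (-attime overrides
# it); no third-party timestamp in the message fixes when it was signed.
verify_at() {
    openssl smime -verify -in "$1/signed.eml" -CAfile "$1/cert.pem" \
        -attime "$2" -out /dev/null 2>"$1/verify.err"
}

demo() {
    dir=$(mktemp -d) || return 1
    make_signed_mail "$dir" || { echo "setup failed"; return 1; }
    now=$(date +%s)
    for offset in 60 259200; do   # one minute and three days after signing
        if verify_at "$dir" "$((now + offset))"; then
            echo "+${offset}s: signature verifies"
        else
            reason=$(grep -i 'expired' "$dir/verify.err" | head -n 1)
            echo "+${offset}s: rejected: ${reason}"
        fi
    done
    rm -rf "$dir"
}

demo
```

The message bytes and the signature are identical in both checks; only the time at which the certificate is evaluated differs.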