That just boggles my mind. I worked for an ecommerce company in 1998 and told them they should just use S/MIME instead of some bullshit proprietary encryption mechanism they used with their messaging client. It just works. But 24 years later encrypted email is still a mess.
It is if you’re interested in the identity of the human due to the administrative costs. Email providers could issue subscriber certs for every registered address pretty trivially.
The biggest UX hurdle is handling the private keys.
Considering how macOS/iOS will start synchronizing WebAuthn tokens, I don't think S/MIME would be that difficult really. Email-validated certificates would be a nice start, but even those are expensive right now.
Identity-validated is indeed administratively harder, though in my opinion that part should be done by the state/country authorities - digital driver's licenses, state IDs and national IDs could just have that as well. Some EU countries have done exactly that, but software support is lacking.
I helped deploy a Verisign affiliate in Australia that had planned to do just that. I believe the post office was going to be the registration authority to vet users' identity, and then there was going to be some mechanism to issue a subscriber certificate from there, maybe on a smart card. This was 20 years ago, no idea how far it got.
The physical security they built into the facility housing the root CA was pretty intense.