S/MINE: collecting and analyzing S/MIME certificates at scale

We report on the first broad analysis of real-world S/MIME certificates for digitally signing and encrypting emails. We collected more than 41 million unique X.509 certificates from public address books, i.e., LDAP servers, of which 38 million fulfill the requirements for use with S/MIME in email clients. Despite the surprisingly complex construction of trust chains for S/MIME certificates, we could build chains for a large subset of certificates and show which are trusted in widely used applications. Our results show that many of those S/MIME certificates are issued by non-publicly trusted CAs.
Our analysis of the cryptographic keys, certificate attributes, and new regulations, i.e., the CA/Browser Forum's S/MIME Baseline Requirements, shows that the S/MIME PKI is generally heading in the right direction. Most certificates using compromised or weak key material have expired, weak cryptographic algorithms are being phased out, and CAs are generally issuing more secure certificates. However, the underlying RFCs and email clients should be more stringent about what is considered an S/MIME certificate. Additionally, CAs should improve the distribution of certificate chains to improve user experience and security.