[wiktor-k]

> ² With S/MIME you need to keep your old certificates around to decrypt old mails, so having a new one frequently is not practical

You don't need to change your decryption key - the new certificate can use the same decryption keys as the old one (certbot even has a flag: --reuse-key). Whether this is a good idea or not is a separate question.

I think the biggest benefit would be ACME-like automatic certificate issuance. Currently getting a new certificate is just too much friction.

[tengwar2]

The other thing I would hope for is wildcard certificates. I stopped using S/MIME because I usually create a new email (based on the same domain) for each vendor that I deal with. I would find it useful to be able to get a single certificate covering all email with that domain. Obviously that does mean that anyone else using an email from that domain would have to share the certificate, but for private use that can be acceptable - I don't worry about my wife reading my currently unencrypted email!