Reply to post: "S/MIME uses certificates with rsa asymmetric encryption and it was SLOW"

Encryption? This time it'll be usable, Thunderbird promises

Anonymous Coward

"S/MIME uses certificates with rsa asymmetric encryption and it was SLOW"

"1. The user interfaces for using encryption were awful, barely afterthoughts"

Are you talking about PGP? Because to use S/MIME you usually just set the "encrypted" flag in many clients - setting it up may be another issue.

"2. S/MIME uses certificates with rsa asymmetric encryption and it was SLOW"

No. Most implementations use 3DES. They use RSA certificates for signing and to protect the symmetric key. AFAIK, recent versions of Outlook can use AES256, but it needs support on both sides.

"3. Obtaining a new cert/key was a massive pain in the arse and usually involved paying money. A tax on security."

If you need a "public" certificate, yes. You can set up your PKI system and it will work like PGP - you'll have no "built-in" trust, so you'll need to trust each certificate or the CA issuing them.

"4. Keys expired every year, compounding the pain."

That's a _good thing_, especially if you don't have published CRLs or any other way to know when a key is no longer valid. You don't want someone being able to use your company keys when he/she no longer works for you. Expiration puts an automatic limit on it. A good PKI system is able to renew the keys for active users automatically.

"add other people to your web of trust"

That's good for your personal email - in many business situations you don't want "personal" webs of trust.

"Google (for example) can and do read emails"

If they're encrypted end-to-end, even Google can't read them unless you give it your keys... S/MIME is not SMTP with TLS.
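
The split the comment describes (RSA protecting a symmetric key, 3DES or AES protecting the content) can be checked by listing the algorithm identifiers inside an S/MIME envelope. This is an added example, not part of the original comment; it assumes the OpenSSL command-line tool is installed, and the key, certificate and message are throwaway values constructed for the demonstration.

```shell
#!/bin/sh
# Added example. Key, certificate and message are constructed throwaway values.

# smime_algs CIPHER_FLAG
# Encrypts a constructed message to a self-signed RSA certificate with the
# given content cipher (-des3 or -aes256) and prints every algorithm or
# content-type name found in the resulting CMS EnvelopedData.
smime_algs() {
    cipher_flag="$1"
    dir=$(mktemp -d) || return 1
    status=0
    # Recipient: throwaway 2048-bit RSA key and self-signed certificate.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=constructed-recipient" \
        -keyout "$dir/key.pem" -out "$dir/cert.pem" 2>/dev/null &&
    printf 'constructed test message\n' > "$dir/msg.txt" &&
    # Sender: a random content key encrypts the body; RSA only wraps that key.
    openssl smime -encrypt "$cipher_flag" -in "$dir/msg.txt" \
        -outform PEM -out "$dir/msg.p7m" "$dir/cert.pem" &&
    # Every AlgorithmIdentifier appears as an OBJECT line in the ASN.1 dump.
    openssl asn1parse -inform PEM -in "$dir/msg.p7m" |
        sed -n 's/.*OBJECT *:\(.*\)$/\1/p' | sort -u || status=1
    rm -rf "$dir"
    return "$status"
}

# Compare the envelope produced with each content cipher.
for flag in -des3 -aes256; do
    echo "== content cipher flag: $flag"
    smime_algs "$flag"
done
```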
