Currently, if there is any ambiguity, which protocol to use, we do not deal with that very well and/or clearly. This situation may arise when:

• A single recipient has both S/MIME and OpenPGP keys
• Multiple recipients some of whom have S/MIME, others OpenPGP keys
• Sender has only OpenPGP signing key, but sending to S/MIME recipient or vice versa (in theory that should no be a problem, in our code base it is)

Even our current code base contradicts itself regarding how to deal with this. At some places, we try to support mixed recipient types (two messages will be sent, instead of just one), while in others we e.g. limit key resolution to allow only one protocol. The more important issue, however, is that we never indicate to the user what exactly will happen or why:

• Will multiple mails be sent (and why)?
• If not, does that mean some recipients will essentially be dropped out of the conversation?
• Will I be prompted for confirmation of the key selection when I press "Send"?
• If I am prompted in some cases, why is that so? And what does that strange label "Security Approval" mean (Kleo::NewKeyApprovalDialog)?

There are more edge cases than that, perhaps a first step is to be more explicit: If there is any kind of ambiguity in the key selection, show a good hint about that, and request the user to explicitly resolve the situation _before_ the Send button is enabled.