It is not just about passwords being sent over the network. It is also about passwords being stored in so many places (not just Aquamail but other email clients like Thunderbird), passwords being stolen by keyloggers, passwords being "guessed" from my other passwords that may have leaked, etc.
Yes it's true (about storage and entry).
But then with keys you have to deal with other things - like revocation (on the server), "hmm, which email app did I use this key in?" - and Android will require "secured" lock screen.
Yes the UI could be the same - but then it can get messy quickly, like separate certs for IMAP / SMTP - aliases (identities).
We only did it for Exchange because it's a "not unheard of" requirement for Exchange specifically.
So for Internet Mail - I'm still unsure if it's worth it *overall* (although you're completely right about the benefits).
---
Idle chatter:
I discovered WireShark for Linux last night, runs on command line (I've only used it on Windows before).
Decided to look at our "new and shiny" handshakes and almost had a heart attack.
Our code enables (or keeps enabled) the TLS_EMPTY_RENEGOTIATION_INFO_SCSV "pseudo-cipher" and I know it's important.
On a 5.0 device, I could see it in 1) logcat and 2) WireShark output.
On an 8.0 device, it was only visible in logcat but *not* in WireShark output.
Like I said, almost had a heart attack.
Well, it turns out 8.0 (maybe some earlier versions too) sends it like this:
Extension: renegotiation_info
Type: renegotiation_info (0xff01)
Length: 1
Renegotiation Info extension
Renegotiation info extension length: 0
and not as a "pseudo-cipher"!
See, I'm paranoid now!
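Added example (not AquaMail code, not from the post above): a small Python parser that reads a TLS ClientHello and reports whether RFC 5746 secure-renegotiation support is signalled as the TLS_EMPTY_RENEGOTIATION_INFO_SCSV pseudo-cipher (0x00FF in the cipher-suite list), as the renegotiation_info extension (0xff01, carrying an empty renegotiated_connection on the first handshake, which is the "Length: 1 / extension length: 0" seen above), or both. The ClientHello records are constructed in the block itself, so it runs offline.

```python
import struct

SCSV_EMPTY_RENEGOTIATION_INFO = 0x00FF   # TLS_EMPTY_RENEGOTIATION_INFO_SCSV (RFC 5746)
EXT_RENEGOTIATION_INFO = 0xFF01          # renegotiation_info extension type (RFC 5746)


def parse_client_hello(record: bytes) -> dict:
    """Parse one TLS record carrying a ClientHello; return cipher suites and extensions."""
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    if not hs or hs[0] != 0x01:
        raise ValueError("not a ClientHello")
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    pos = 2 + 32                                   # skip client_version and random
    pos += 1 + body[pos]                           # skip session_id
    cs_len = struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2
    suites = [struct.unpack("!H", body[i:i + 2])[0] for i in range(pos, pos + cs_len, 2)]
    pos += cs_len
    pos += 1 + body[pos]                           # skip compression_methods
    extensions = {}
    if pos + 2 <= len(body):                       # extensions block is optional
        end = pos + 2 + struct.unpack("!H", body[pos:pos + 2])[0]
        pos += 2
        while pos + 4 <= end:
            etype, elen = struct.unpack("!HH", body[pos:pos + 4])
            extensions[etype] = body[pos + 4:pos + 4 + elen]
            pos += 4 + elen
    return {"cipher_suites": suites, "extensions": extensions}


def secure_renegotiation_signal(record: bytes) -> str:
    """How the ClientHello advertises RFC 5746 support: 'scsv', 'extension', 'both' or 'none'."""
    hello = parse_client_hello(record)
    via_scsv = SCSV_EMPTY_RENEGOTIATION_INFO in hello["cipher_suites"]
    # Initial handshake: extension data is one length byte (0x00) for an empty renegotiated_connection
    via_ext = hello["extensions"].get(EXT_RENEGOTIATION_INFO) == b"\x00"
    return {(True, True): "both", (True, False): "scsv", (False, True): "extension"}.get((via_scsv, via_ext), "none")


def build_client_hello(cipher_suites, extensions) -> bytes:
    """Constructed TLS 1.2 ClientHello record for testing (zero random, no session id)."""
    body = b"\x03\x03" + bytes(32) + b"\x00"
    cs = b"".join(struct.pack("!H", s) for s in cipher_suites)
    body += struct.pack("!H", len(cs)) + cs + b"\x01\x00"   # null compression only
    ext = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in extensions)
    body += struct.pack("!H", len(ext)) + ext
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs
```

Checking for the extension as well as the SCSV is what keeps a "the SCSV is gone" alarm from firing on clients that simply moved to the extension form.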