Impressed seeing this first beta release, I see a couple of security issues which should be solved before I consider the deployment of the Zimbra client as replacement of a fat client.
The most challenging will be a proper S/Mime implementation.:
1. User should be able to download his certifacte to the server for server-side encryption/decryption and signature.
2. In a more restrict enviroment, the client should be able to encrypt with a private key held on the local maschine (via usb, or key card). Will this be possible within the AJAX enviroment. Due to privacy reasons, this should prevent any administrator reading private content.
3. A certificate collector feeding valid incoming certificates into hidden GAL entries.