S/MIME has come a _long_ way. An earlier version (now called S/MIME 1.0, although I'm not sure this is going to make it into any marketing materials) had a couple of cryptographic problems compared with PGP. Those problems have been fixed in version 2.0, which is expected shortly (as an internet draft).
S/MIME 2.0 _defaults_ to 168-bit triple-DES, unless you're stupid enough to use the export version. RSA key sizes up to 2048 bits are supported, as are a number of alternate symmetric algorithms. In addition, digital signatures are based on 160-biy SHA1, rather than 128-bit MD5, which is half broken anyway.
In the meantime, Deming software is shipping a slick Windows implementation of S/MIME, which integrates nicely with Eudora. Netscape is expected to ship cross-platform S/MIME capability in version 4.0 of Navigator (their original publicity materials were only off by a factor of two ;-), and that will make a huge dent in the market.
In sum, S/MIME leaves PGP in the dust, both techically and as a market force. There's still a lot of sentiment that PGP is one of "ours" and S/MIME is one of theirs, but at this point it's the latter that has the most promise of bringing encrypted e-mail to the masses.
If only X.509 weren't so darned ugly :-)
Raph
How will users be made confident that the S/MIME crypto isn't somehow compromised in these products? Vendor trust (I think not, with all the government pressures)? PGP Fingerprint: FE 90 1A 95 9D EA 8D 61 81 2E CC A9 A4 4A FB A9 --------------------------------------------------------------------- Snoop Daty Data | Internet: azur@netcom.com Grinder | Sacred Cow Meat Co. | --------------------------------------------------------------------- Counter-cultural technology development our specialty. Vote Libertarian. Just say NO to prescription DRUGS. "Of all tyrannies, a tyranny sincerely exercised for the good of its victims may be the most oppressive." -- C.S. Lewis "Surveillence is ultimately just another form of media, and thus, potential entertainment." -- G. Beato