Jim:
And if you look at what I've said previously, it is my firm belief that if we are to succeed in giving users a truly interoperable secure email standard, then said standard must be fully and completely integrated into MIME and do everything it does in the proper MIME way, as opposed to just being security grafted on.
Allow me to make a contentious statement:
MOSS is the only secure email protocol integrated with MIME.
You see, integrated to me means that the base is security aware. MIME is only security aware when the security multiparts are used. In all other cases, MIME is not security aware.
The use of the application content-type with experimentally defined subtypes gives the appearance of MIME being security aware, but it provides nothing more than a mechanism for carrying a protected object. In addition, the fact that the security service itself must do a callback in order to support recursive services, unlike MOSS which uses the security multiparts framework and thus lets MIME do all the work it was designed to do, further supports my position.
Jim, in what way does the end user distinguish between the MOSS-like integration and the S/MIME-and-MSP-like integration? It seems to me that a good user agent implementation provides the same services to the user. Russ