One initial technical question I have about MUSE is why to bother encapsulating email messages while in transit in more layers of MIME glop? Why not just run IP Security between the sendmail daemons involved, and have the receiving sendmail daemon note in the Received header that the message arrived over an authenticated connection?
Because this gives you a point-to-point solution. MUSE is still end-to-end; the only difference is that the ends have moved slightly away from the user in the interests of deployment expediency.
IPSEC provides your choice of authentication and/or encryption, and already uses the keys from the Domain Name System. IPSEC solves many other problems as well as the particular secure/private email delivery problem. And deploying a Real Application (sendmail) that uses IPSEC would shake it out and get it widely used.
IPSEC does indeed solve many problems. Unfortunatly secure email end-to-end email isn't one of them. Ned