The question is not whether MIME is permitted; it is whether MIME
MUST be wrapped around the body of every signed message. The
question for me is not so much what percentage of MUAs aren't
MIME-aware, but whether this mandate would disenfranchise even that
(arguably small) percentage.
I think that the transition problem is more important than that.
Whatever we invent, it'll be adopted incrementally across the net, so
MTAs or MUAs that implement it have to keep interoperating with MTAs
and MUAs that don't.
At this point, I don't know of any MUAs that make an encapsulated
message look like a normal message, and I don't know of any MTAs that
handle encapsulated messages at all (other than passing them through
as is). I also know of a whole variety of mailing list managers,
autoresponders, and other applications that recieve mail and do
something based on the contents, none of which handle wrapped messages
either. And I definitely know that I know only a small fraction of
the applications that people hang on their e-mail systems.
I only know of two ways to make this kind of interoperation happen.
One is to have some sort of negotiation between the sender and
recipient so the sender can find out whether the recipient can handle
what it plans to do, but given the hop-by-hop nature of email (MTA to
MTA to MDA to MUA), I don't see any practical way to query all of the
pieces of recipient software. The other is to add the new info in
places that we can expect typical recipient software to ignore what it
doesn't understand. In e-mail, that means new headers, but not in the
So although I think it is a fine idea to use S/MIME formats where
possible, I don't think that MIME encapsulated messages are in the
realm of the possible any time soon.
John Levine, johnl(_at_)taugh(_dot_)com, Taughannock Networks, Trumansburg NY