"security" often hinders "functionality". The reason why cte's are
forbidden for message and multipart content types is that they prevent a
mailbox server from producing a table-of-contents for a client. The
idea here is that one could remotely examine the message structure and
decide that you wanted to retrieve the text but didn't want the audio.
This is important functionality.
However, people may want to send messages in which the table-of-contents
is private. This is entirely reasonable.
So, the solution is to define a content-type called application/pem
which is allowed to have a cte. If the application/pem contains a
message/rfc822 or a multipart/mixed, well then until you un-pem it, no
one can see that structure.
This solution is in fact identical to a proposal I put forth several
weeks ago on the PEM list and then subsequently refined with a small
group of pem-dev people, but for some reason, no closure was reached.
/mtr