I'll just note in passing that the MTA could search its certificate
revocation database for messages it forwards and attach appropriate
revocations along with the message (perhaps as a header).
Relaying MTAs should NEVER modify messages, except to add postmarks.
Their job is to make sure the bits get from one end to the other intact.
The more that they modify messages, the less likely it is that what
the recipient gets even resembles what the sender sent. There are
far too many MTAs that can't even get do simple relaying right
(how difficult is a copy loop anyway), without adding this kind of cruft.
If a user wants his message store wants to lookup CRLs, make
them available to his UA for dowload, etc. that's one thing,
and I could see where a user might want his mail submission server
to sign outgoing mail on his behalf. But MTAs in the middle
have absolutely no business adding random attachments to messages.
Keith