"David P. Kemp" <dpkemp(_at_)missi(_dot_)ncsc(_dot_)mil> writes:
Each layer does what it does - if you want the security services provided by
three layers (ESE), or what S/MIME calls triple-wrapping (SES), then you must
use three layers.
The motivation for S/MIME triple wrap was AFAIK use by automated mail gateways.
If you always have to sign the plaintext then it makes it impossible to create
a mail gateway which only lets signed data in or out, because the gateway would
have to hold all the private keys in order to verify the sigs. Thus the SES
triple-wrap. I know Don Davis looked at the RFC which covered this (2633?)
when he was writing his paper and found it didn't really solve the problem.