Keith makes this point rather succinctly. If there is agreement, then I
will stand by my earlier conviction; the goals of the IETF are out of
step with US companies' business needs. As such, we should find a way
to separate the non-business protocol portions of the S/MIME spec from
the US business-needs-centric profiling information.
Seems like US companies need strong encryption as much as anyone else.
Or if by "US companies' business needs" you really mean "the marketing
concerns of US purveyors of crypto products", then understand this very
clearly: the IETF exists to make technical recommendations for the
Internet community, NOT to cater to the marketing concerns of US companies.
As for separating the specs: yes, I agree. The standard needs to specify
sufficiently strong algorithms for the "must-implement" profile, but I know
of no reason why a separate informational RFC cannot specify a different
profile for those who choose to use it.
BTW, your characterization of the difference as "non-business" vs.
"business-needs-centric" is ... misleading at best.
Let us speak plainly, and call it what it is: "reasonably secure crypto"
vs. "crypto weak enough to pass US current export regulations."
Keith