Please note the subject of this part, and reply with this subject if
you want to talk about whether or not the S/MIME spec should have a MUST
or a SHOULD that includes RC2 encryption.
I think the correct word is "MAY", or perhaps even less -- simply
have the spec do nothing more than document the RC2 algorithm-id,
and put the profile that uses RC2 in a separate document.
So long as RC2 remains proprietary, I can't even see making it a "SHOULD".
My reasoning here is entirely due to the status of RC2 as a trade secret,
and has nothing to do with key lengths.
Keith