Please note the subject of this part, and reply with this subject if
you want to talk about whether or not the S/MIME spec should have a MUST
or a SHOULD that includes 40-bit encryption.
The S/MIME spec can specify a way to do 40-bit crypto if this WG wants
it to do so, and can even specify that implementations "MUST" (or "SHOULD")
+ any MUST or SHOULD algorithm MUST be published and available on
fair and nondiscriminatory terms (this is from RFC 2026)
+ (IMHO) the S/MIME spec will not be of standards-track quality
unless it also specifies a "MUST implement" algorithm and key
length compatible with the recommendations of RFC 1984.