I agree with your characterization of the issues and I will attempt to
initiate the separation of protocol from profiling if that seems like an
acceptable path to IETF involvement in S/MIME.

BTW, your characterization of the difference as "non-business" vs.
"business-needs-centric" is ... misleading at best.

I disagree. Perhaps a clarification is in order. By US companies'
business needs, I am referring to US-based software developers. Roughly
speaking, US software companies (my company excepted) derive 50% of
their revenue from products that are exported. Export of product with
encryption is tightly controlled. RC2 was created specifically to
address this business issue, no other.

Let us speak plainly, and call it what it is: "reasonably secure crypto"
vs. "crypto weak enough to pass current US export regulations."