From: keithd(_at_)securitydomain(_dot_)com
... there is a bigger issue which is the RSA cryptosystem.
I don't think the RSA algorithm is particularly important for two reasons:
1) as Jeff Schiller pointed out in Memphis, there aren't that many years
left of patent protection on RSA. Once it expires, no one needs a license
to do their own implementation. My bet is that the patent will expire
before S/MIME makes it all the way to full IETF Standard :-). RC2, on the
other hand, was claimed to be a trade secret, and that protection never
expires.
2) The trend in IETF working groups (TLS and PKIX, not to mention that
other email protocol :-) is to make DSA/DH algorithms mandatory, and
RSA optional. If S/MIME progresses along the standards track, it would
probably do so as well. Those implementors who wanted to provide
backwards compatibility with S/MIME v2 could buy an RSA license,
but implementors who did DSA/DH only (without licensing RSA) would be
assured of interoperability with all IETF-compliant implementations.