[SHOULD -> MUST for encrypt-to-self]
It's probably unnecessary to mention that there should have been a smiley
after the X.400 comment in my previous message... another reason why
saying anything on the use of encrypt-to-self is a bad thing is that it
assumes that S/MIME mail will only ever be sent by humans. There are all
sorts of protocols and messaging systems being built around S/MIME, for
many of these encrypt-to-self is completely illogical or even dangerous
(consider its use in medical EDI (HL7) messaging systems where the message
indicates that the sender has been diagnosed with some terminal illness,
that's something you definitely don't want the sender to stumble across
unless they've been prepared for it). This is really a matter for users
to decide, and not something which the standard should comment on.
Peter.