Philippe,
I think the point Steve Crocker and I were making is that
message transfer systems do, sometimes, deliver duplicate messages and
such behavior is not cause for a security alarm. Moreover, many
(most?) message systems do not promise to deliver messages in order.
This makes the task of tracking delivered messages, to detect replays,
rather messy, i.e., one cannot merely remember the sequence number
or date of the last received message (on a per-originator basis).
Because of this lack of ordered delivery facility, many folks
who have considered this problem have elected not to build into a
secure email system a sequencing facility. Also, as Steve Crocker
pointed out, most human beings are capable of dealing with replays
through a larger contextual framework. Nonetheless, you can build a
sequencing/anti-replay facility on top of PEM, within an application
which cares about replay protection.
Steve
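
An added example, not part of the original message: a sketch of the application-level replay check described above, which tolerates out-of-order delivery by keeping a sliding window of accepted sequence numbers per originator instead of only the last one. It assumes the application places a per-originator sequence number inside the PEM-protected text and calls the filter only after PEM verification succeeds; the names ReplayFilter, check and naive_verdicts are hypothetical.

```python
from dataclasses import dataclass, field


@dataclass
class OriginatorState:
    highest: int = -1   # highest sequence number accepted so far
    bitmap: int = 0     # bit i set => sequence number (highest - i) was accepted


@dataclass
class ReplayFilter:
    window: int = 64    # assumed: how far behind the newest message we still track
    peers: dict = field(default_factory=dict)

    def check(self, originator: str, seq: int) -> str:
        """Classify an already-verified message: 'new', 'duplicate' or 'too-old'."""
        st = self.peers.setdefault(originator, OriginatorState())
        if seq > st.highest:
            # Newer than anything seen: slide the window forward and mark it.
            shift = seq - st.highest
            st.bitmap = ((st.bitmap << shift) | 1) & ((1 << self.window) - 1)
            st.highest = seq
            return "new"
        offset = st.highest - seq
        if offset >= self.window:
            # Fell off the window: cannot tell late delivery from replay.
            return "too-old"
        if st.bitmap & (1 << offset):
            # Same number seen before: a transport duplicate or a replay.
            return "duplicate"
        st.bitmap |= 1 << offset    # late but never seen: accept it
        return "new"


def naive_verdicts(seqs):
    """Remember only the last number seen: flags every late arrival."""
    last, out = -1, []
    for s in seqs:
        out.append("new" if s > last else "replay?")
        last = max(last, s)
    return out


if __name__ == "__main__":
    arrivals = [0, 2, 1, 1, 3]      # constructed arrival order from one originator
    f = ReplayFilter(window=4)
    print([f.check("alice", s) for s in arrivals])
    print(naive_verdicts(arrivals))
```

Whether a "duplicate" or "too-old" verdict is dropped silently or shown to the user is left to the application, since a duplicate delivery by the transport is indistinguishable from a replay at this layer.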