I'm not as allergic to S/MIME as Ned and Dave, simply because I haven't
perceived S/MIME as a "competitor" for MOSS. It doesn't secure MIME
message elements, it simply specifies a single MIME encapsulation for
PKCS7 messages. The two offer different services at different levels.
If I want to be able to sign/verify/encrypt MIME messages and message
elements, I'll use MOSS. If I want to allow two PKCS7 messaging systems
to interoperate via SMTP, I'll use S/MIME. I actually see no reason
to integrate the two--S/MIME is simply a standard labeling for a particular
file format, and such is more akin to "application/pdf" or
"video/quicktime" than "multipart/signed" or "multipart/encrypted".
This is certainly a legitimate way of looking at S/MIME, but its only a useful
one if it matches how S/MIME is actually being positioned in the market. And
from what I've seen so far this does NOT match the positioning of S/MIME. For
example, check out RSA's web page, with its various (inaccurate) statements
about security multiparts and MOSS. If S/MIME is orthogonal to MOSS, what's
the purpose behind this comment?
Ned