Ned,
Your articulation of the relationship between PEM, MOSS, vanilla
822 and MIME is a good one, though I might quibble with some details. For
example, PEM make use of the message boundary convention that was added to
822 (so it isn't quite vanilla!) while MIME makes use of a different,
incompatible convention. I would think that makes MIME messages not
compatible (in some sense) with mail readers that know how to deal with the
original boundary marking convention. However, that is a minor point. I
also must admit that I don't understand at all your comment about signed
messages, at least in terms of its relevance to this discussion.
The list discussed these issues in excruciating detail last year
and I don't think anything has changed since then. Perhaps a better way to
state my point would be to observe that PEM is much less complex to
implement tham MOSS and that if one operates in a vanilla 822 environemnt
PEM is a preferable implementation of basic email security features
compared to MOSS.
All in all, I suspect that this is not a very useful discussion to
pursue. PEM is not widely used and MOSS has not made major inroads into
the email environemnt so far, though it has had much less time to do so.
So far PGP has been the email security technology of choice in the
Internet, and even that has not had widespread deployment. S-MIME, because
of its widespread vendor backing and because of its PEM-like simplicity,
may turn out to be the real (de facto) standard in the future. MSP,
because of its (U.S.) government adoption and incorporation into shrink
wrap email packages by Microsoft and Lotus, may also be a contender in the
future.
Steve