In a nutshell, MOSS is based on the idea of exploiting MIME pretty
thoroughly instead of just grafting cryptographic services into MIME as a
fresh application. This degree of intimacy and interdependence on MIME
didn't sell well to the commercial players.
I believe this analysis to be incorrect.
The message from the february email security workshop was broad and
thorough interest -- in fact it was really at the level of requirement --
in use of multipart/signature and a general desire to use multipart/encrypt
except that the technical difficulties of making it worthwhile appear to be
too much to be... worthwhile.
I agree with Dave about this, and said as much in my last posting to the IETF
list. The fact that the alternatives to MOSS are embracing the security
multipart concept is evidence that this was not a factor in MOSS's demise and
the development of alternatives to MOSS.
The range of options and choice that MOSS provides is usually what
I hear cited as its major problem, not its integration with MIME.
This was definitely a major factor, but somewhat secondary to our biggest
problem: We took far too long.
The amount of time it took to get MOSS out the door was totally excessive. Look
at the facts: After a immensely lengthy process (on the order of 8 years if you
also count the development of PEM), one that nearly exhausted most participants
and certainly brought no end of frustration to all parties, one where the
complexity of the protocol increased as time went on, we finally came up with a
rather ornate and difficult to implement protocol. The few vendors who were
still with us up to this point were too frustrated and upset to commit to such
a protocol at this point.
The immense amount of time also resulted in a deliverable that appeared _after_
S/MIME was established as an alternative.
I cannot speak for others, but this is absolutely why Innosoft doesn't have a
MOSS-based product on the market.
Ned