In a nutshell, MOSS is based on the idea of exploiting MIME pretty
thoroughly instead of just grafting cryptographic services into MIME as a
fresh application. This degree of intimacy and interdependence on MIME
didn't sell well to the commercial players.
This is exactly it. MIME is a religion at least as potent as
security. The MIMEists were in the ascendent at the time
in an IETF charged with NII missionary zeal. IETF certificate based
messaging security was in deep depression.
The dependency on MIME conformance is what has killed MOSS. I do believe
MOSS did for message formats what PEM did for certificate
formats and message processes, however.
These infrastructure issues are not easy questions to solve, and I
personally believe TIS and the engineers/scientists only gained in technical
reputation from the manner in which it adn they conducted the MOSS design
and engineering work.
I think in the area of S/MIME-MOSS, SSL-IPSec the IETF
learned something about itself. Those senior IETF
who engineered (and continue to engineer) such animosity in the IETF processes,
particularly in the MIME area - mainly for their own consultatancy
or demagogic benefits - have perhaps shown us where IETF itself
needs amending.
When Steve Crocker was in charge, I at least felt someone cared
about my contribution to the process; however imperfect.