What is not immediately obvious is that what was added was a framework for security; it defined the concept of a "security label" and allowed you to use an OID for identifying your security labelling scheme, but no labelling scheme was actually specified.
In a similar vein, there was room for a lot of algorithm identifiers to achieve message integrity, message confidentiality, non-repudiation of origin, non-repudiation of delivery, non-repudiation of receipt and so on - but the actual algorithm identifiers, key lengths and key management schematics were not defined.
This state of affairs has of course led to the development of profiles
detailing the way these features are to be used in contexts that need
them; I suspect that one of the more complete ones is the one used by
NATO for their E-mail (perhaps NATO STANAG 4406), but I've never seen
it, so I don't know.
(BTW, the US military created a completely different scheme, which was supposed to work across the SMTP/X.400 boundary, but was incompatible with the X.400-defined security functions. I don't know much more about it than this.)
At the moment, I know of two systems (the Alcatel one and one from Siemens Nixdorf) that claim to offer X.400 security; there may be more; I don't know if they interoperate.
The first thing the Internet community did (more or less) was to abandon the idea of a system where security requires control over the whole network. Internet security services today fall mainly into two areas:
The first attempt, starting in the Internet Research Task Force, was Privacy Enhanced Mail (PEM). Its RFCs, published in February 1993, defined a format for encrypted and signed mail that could be used in conjunction with a global certification hierarchy rooted at the Internet Policy Registration Authority (IPRA).
Unfortunately, lots of time was lost in dealing with the underlying assumption that X.500 would be the directory service; when IPRA was finally online in 1994 (CHECK THIS!), nobody seemed to want to use it. Another development, MIME, didn't sit too well together with PEM; the confusion about this helped slow PEM's takeoff.
The second attempt was Pretty Good Privacy (PGP), which was the effort
of a single person, Phil Zimmermann, who wrote a really good E-mail
encryption program with a lousy user interface that could be used on
both DOS and UNIX platforms, without any underlying "hierarchy";
instead, it was based on a "web of trust" model, which works fine in
communities on the order of a few thousand members, and hasn't broken
down completely yet.
He earned global fame as well as the honor of being investigated for various crimes, including using the well-documented RSA cryptoalgorithm without using the patent-owner's legally available implementation of it (RSAREF) and the possible breach of rules governing the export of crypto software from the US (ITAR) that must have occurred when copies of PGP showed up outside the US.
He has since settled the conflict about PGP, but the US government is continuing its investigation into his relationship with possible breaches of ITAR. See any PGP Web page for more info.
Nonetheless, PGP is available all over the world, free for non-commercial purposes, at a price in the US for commercial purposes, and is documented by its implementation. It, too, has problems in relating harmoniously to MIME.
The third effort to provide E-mail security on the Internet was also
carried forward in the PEM group; it has now resulted in two RFCs, RFC
1847 and 1848, published in October 1995; one (Security multiparts,
RFC 1847) defines a general way of
providing security services that harmonize with MIME, the other (MIME
Object Security Services, or MOSS, RFC 1848)
specifies how to use these security services with a public key
cryptosystem as the basis; PEM certificates are supported as one
possible way of handling public keys.
Two implementations of this exist that I know of; one (TIS/MOSS 7.1) is freely available inside the US; I don't know the conditions of the other (ISODE Consortium) at the moment. They are known to interoperate.
The services offered by MOSS are much fewer than those provided by X.400 (88) security services; it offers only message encryption and message authentication, plus certificate transfer formats. No attempt at all is made to provide security of an E-mail transaction in itself; no attempt to provide nonrepudiation services or proof-of-delivery services is made.
An effort is underway (draft-elkins-pem-pgp-01.txt, at the moment of writing) to use the RFC 1847 security multiparts to support messages encrypted with PGP, providing at least a common means of hiding the "cyberjunk" of signatures from those who don't care about them.
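The RFC 1847 framing referred to above (MOSS and the PGP draft both ride on it) can be checked structurally before any cryptography is attempted. The following is an added example, not code from this page or from either MOSS implementation: a multipart/signed or multipart/encrypted entity must name a protocol, carry exactly two body parts, and have its control part typed as that protocol. The sample message is constructed, its signature is a placeholder, and the `application/moss-signature` and `rsa-md5` values are assumed here to be the ones RFC 1848 uses.

```python
from email import message_from_string

# Constructed sample message; the signature body is a placeholder, not real data.
SIGNED = """\
MIME-Version: 1.0
Content-Type: multipart/signed; protocol="application/moss-signature"; micalg="rsa-md5"; boundary="b1"

--b1
Content-Type: text/plain

Meeting moved to 14:00.
--b1
Content-Type: application/moss-signature

(placeholder signature data)
--b1--
"""

def check_security_multipart(raw):
    """Return a list of RFC 1847 structural problems (empty list = well formed)."""
    msg = message_from_string(raw)
    ctype = msg.get_content_type()
    if ctype not in ("multipart/signed", "multipart/encrypted"):
        return ["not a security multipart: " + ctype]
    problems = []
    protocol = (msg.get_param("protocol") or "").lower()
    if not protocol:
        problems.append("missing protocol parameter")
    if ctype == "multipart/signed" and not msg.get_param("micalg"):
        problems.append("missing micalg parameter")
    parts = msg.get_payload() if msg.is_multipart() else []
    if len(parts) != 2:
        problems.append("expected exactly 2 body parts, got %d" % len(parts))
        return problems
    # signed: part 2 is the signature; encrypted: part 1 is the control information
    control = parts[1] if ctype == "multipart/signed" else parts[0]
    if control.get_content_type() != protocol:
        problems.append("control part is %s, protocol says %s"
                        % (control.get_content_type(), protocol or "(none)"))
    if ctype == "multipart/encrypted" and \
            parts[1].get_content_type() != "application/octet-stream":
        problems.append("encrypted body must be application/octet-stream")
    return problems

def readable_part(raw):
    """What a reader that ignores signatures can still display: the first part."""
    return message_from_string(raw).get_payload()[0].get_payload().strip()
```

A message that fails these checks should be treated as unsigned rather than passed to the verifier; `readable_part` shows why the framing hides the signature from readers who don't care about it.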
In summary, the state of secured E-mail in the Internet is:
The UK academic community's networking company, UKERNA, has started an effort to deploy PGP on the scale of one million users; the Netherlands academic network (SURFnet) is doing the same, and others are watching with great interest. At the same time, the EU 4th framework program is pushing the "ICE" project, which, among other things, is supposed to establish a certification hierarchy based on the same base standards as used in PEM and MOSS.
(Note that other recent developments, namely RFC 1825-1829, provide what the Internet community believes to be effective protocols for encrypting or authenticating traffic at the IP protocol layer. Key management is being addressed in ongoing work. This may sooner or later turn into tools for authenticating network connections in an open manner.)