+@c FIXTGNUS We should provide MIME manual.
+@c @node MIME
+@c @section MIME
+@c @cindex MML
+@c @cindex MIME
+@c @cindex multipart
+@c @cindex attachment
+
+@c Message is a @sc{mime}-compliant posting agent. The user generally
+@c doesn't have to do anything to make the @sc{mime} happen---Message will
+@c automatically add the @code{Content-Type} and
+@c @code{Content-Transfer-Encoding} headers.
+
+@c The most typical thing users want to use the multipart things in
+@c @sc{mime} for is to add ``attachments'' to mail they send out. This can
+@c be done with the @code{C-c C-a} command, which will prompt for a file
+@c name and a @sc{mime} type.
+
+@c You can also create arbitrarily complex multiparts using the MML
+@c language (@pxref{Composing, , Composing, emacs-mime, The Emacs MIME
+@c Manual}).
+
+@c @node Security
+@c @section Security
+@c @cindex Security
+@c @cindex S/MIME
+@c @cindex PGP/MIME
+@c @cindex sign
+@c @cindex encrypt
+
+@c Using the MML language, Message is able to create digitally signed and
+@c digitally encrypted messages. Message (or rather MML) currently support
+@c PGP/MIME and S/MIME. Instructing MML to perform security operations on
+@c a MIME part is done using the @code{M-m s} key map for signing and the
+@c @code{M-m c} key map for encryption, as follows.
+
+@c @table @kbd
+
+@c @item M-m s s
+@c @kindex M-m s s
+@c @findex mml-secure-sign-smime
+
+@c Digitally sign current MIME part using S/MIME.
+
+@c @item M-m s p
+@c @kindex M-m s p
+@c @findex mml-secure-sign-pgp
+
+@c Digitally sign current MIME part using PGP/MIME.
+
+@c @item M-m c s
+@c @kindex M-m c s
+@c @findex mml-secure-encrypt-smime
+
+@c Digitally encrypt current MIME part using S/MIME.
+
+@c @item M-m c p
+@c @kindex M-m c p
+@c @findex mml-secure-encrypt-pgpmime
+
+@c Digitally encrypt current MIME part using PGP/MIME.
+
+@c @end table
+
+@c These commands do not immediately sign or encrypt the message, they
+@c merely insert proper MML tags to instruct the MML engine to perform that
+@c operation when the message is actually sent. They may perform other
+@c operations too, such as locating and retrieving a S/MIME certificate of
+@c the person you wish to send encrypted mail to.
+
+@c Since signing and especially encryption often is used when sensitive
+@c information is sent, you may want to have some way to ensure that your
+@c mail is actually signed or encrypted. After invoking the above
+@c sign/encrypt commands, it is possible to preview the raw article by
+@c using @code{C-u M-m P} (@code{mml-preview}). Then you can verify that
+@c your long rant about what your ex-significant other or whomever actually
+@c did with that funny looking person at that strange party the other
+@c night, actually will be sent encrypted.
+
+@c @emph{Note!} Neither PGP/MIME nor S/MIME encrypt/signs RFC822 headers.
+@c They only operate on the MIME object. Keep this in mind before sending
+@c mail with a sensitive Subject line.
+
+@c Actually using the security commands above is not very difficult. At
+@c least not compared with making sure all involved programs talk with each
+@c other properly. Thus, we now describe what external libraries or
+@c programs are required to make things work, and some small general hints.
+
+@c @subsection Using S/MIME
+
+@c @emph{Note!} This section assume you have a basic familiarity with
+@c modern cryptography, S/MIME, various PKCS standards, OpenSSL and so on.
+
+@c The S/MIME support in Message (and MML) require OpenSSL. OpenSSL
+@c perform the actual S/MIME sign/encrypt operations. OpenSSL can be found
+@c at @code{http://www.openssl.org/}. OpenSSL 0.9.5a and later should
+@c work. However, version 0.9.5a insert a spurious CR character into MIME
+@c separators so you may wish to avoid it if you would like to avoid being
+@c regarded as someone who send strange mail. (Although by sending S/MIME
+@c messages you've probably already lost that contest.)
+
+@c To be able to send encrypted mail, a personal certificate is not
+@c required. Message (MML) need a certificate for the person to whom you
+@c wish to communicate with though. You're asked for this when you type
+@c @code{M-m c s}. Currently there are two ways to retrieve this
+@c certificate, from a local file or from DNS. If you chose a local file,
+@c it need to contain a X.509 certificate in PEM format. If you chose DNS,
+@c you're asked for the domain name where the certificate is stored, the
+@c default is a good guess. To my belief, Message (MML) is the first mail
+@c agent in the world to support retrieving S/MIME certificates from DNS,
+@c so you're not likely to find very many certificates out there. At least
+@c there should be one, stored at the domain @code{simon.josefsson.org}.
+@c LDAP is a more popular method of distributing certificates, support for
+@c it is planned. (Meanwhile, you can use @code{ldapsearch} from the
+@c command line to retrieve a certificate into a file and use it.)
+
+@c As for signing messages, OpenSSL can't perform signing operations
+@c without some kind of configuration. Especially, you need to tell it
+@c where your private key and your certificate is stored. MML uses an
+@c Emacs interface to OpenSSL, aptly named @code{smime.el}, and it contain
+@c a @code{custom} group used for this configuration. So, try @code{M-x
+@c customize-group RET smime RET} and look around.
+
+@c Currently there is no support for talking to a CA (or RA) to create your
+@c own certificate. None is planned either. You need to do this manually
+@c with OpenSSL or using some other program. I used Netscape and got a
+@c free S/MIME certificate from one of the big CA's on the net. Netscape
+@c is able to export your private key and certificate in PKCS #12 format.
+@c Use OpenSSL to convert this into a plain X.509 certificate in PEM format
+@c as follows.
+
+@c @example
+@c $ openssl pkcs12 -in ns.p12 -clcerts -nodes > key+cert.pem
+@c @end example
+
+@c The @code{key+cert.pem} file should be pointed to from the
+@c @code{smime-keys} variable. You should now be able to send signed mail.
+
+@c @emph{Note!} Your private key is store unencrypted in the file, so take
+@c care in handling it.
+
+@c @subsection Using PGP/MIME
+
+@c PGP/MIME require an external OpenPGP implementation, such as GNU Privacy
+@c Guard (@code{http://www.gnupg.org/}. It also require a Emacs interface
+@c to it, such as Mailcrypt (available from
+@c @code{http://www.nb.net/~lbudney/linux/software/mailcrypt.html}) or
+@c Florian Weimer's @code{gpg.el}.
+
+@c Creating your own OpenPGP key is described in detail in the
+@c documentation of your OpenPGP implementation, so we refer to it.