The services are offered through the use of end-to-end cryptography between an originator and a recipient at the application layer.
Symmetric (secret key) cryptography is used in support of the encryption service.
The procedures are intended to be compatible with a wide range of public key management approaches, including both ad hoc and certificate-based schemes.
Mechanisms are provided to support many public key management approaches.
[1] MOSS was never widely deployed and is now abandoned, largely due to the popularity of PGP.