* Travis H.: > Also there's a semantic issue; am I attesting to the plaintext, > or the ciphertext? It's possible the difference could be important.
With sign, then encrypt, it's also possible that the receiver decrypts the message, and then leaks it, potentially giving the impression that the signer authorized the disclosure. There has been a fair bit of buzz about this confusion. But the lesson from that seems to be that signature semantics are very hard to agree upon, and most marginally successful standards sidestep the issue anyway, acting as a mere transport protocol. --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]