> > Do you say that from a political sense or from a technical sense of > the S/MIME spec? I regularly don't sign my emails for a host of > reasons even though I encrypt them.
S/MIME presumably allows it, as messages done this way are still readable without errors. But normally you want to authenticate after encryption, right? Otherwise there can be odd attacks based on bit-flipping that can result in a message that decrypts successfully but doesn't say what the sender thought they said. There have been a bunch of crypto exploits based on this technique over the years.
_______________________________________________ Messaging mailing list [email protected] https://moderncrypto.org/mailman/listinfo/messaging
