Trevor Perrin <[email protected]> writes: >Another thing to be careful about with (PGP, S/MIME, JOSE, XML-Security) is >that it's up to you to compose public-key signing and public-key encryption. >It's not always easy to figure out whether to sign-then-encrypt or encrypt- >then-sign, and what other checks to add.
CMS (so S/MIME) at least gets this right, its authenticated-encryption mode uses encrypt-then-MAC, and also MACs metadata to protect that. Peter. _______________________________________________ Messaging mailing list [email protected] https://moderncrypto.org/mailman/listinfo/messaging
