[messaging] alternative to OpenPGP?

Peter Gutmann pgut001 at cs.auckland.ac.nz
Mon Aug 17 12:17:49 PDT 2015

Trevor Perrin <trevp at trevp.net> writes:

>I think you're referring above to RFC 5083's optional originatorInfo, which
>can be used for (1).  But I don't think the CMS SignedData has a standard way
>to bind the recipient (2).

I'm not referring to signed data at all; I'm referring to encrypt-then-MAC.

>So when Bob receives a signed-then-encrypted CMS message from Alice, there's
>no cryptographic verification that Alice intended to send the message to Bob.

Since only Bob can decrypt the message, only Bob can MAC it, so it's pretty
clear who the intended recipient is.


