[messaging] alternative to OpenPGP?
Trevor Perrin
trevp at trevp.net
Mon Aug 17 13:29:31 PDT 2015
On Mon, Aug 17, 2015 at 12:17 PM, Peter Gutmann
<pgut001 at cs.auckland.ac.nz> wrote:
> Trevor Perrin <trevp at trevp.net> writes:
>
>>So when Bob receives a signed-then-encrypted CMS message from Alice, there's
>>no cryptographic verification that Alice intended to send the message to Bob.
>
> Since only Bob can decrypt the message, only Bob can MAC it, so it's pretty
> clear who the intended recipient is.
Bob doesn't know if he was Alice's intended recipient.
Bob just knows Alice sent the message to someone (because she signed
it), and someone encrypted it to him.
Trevor
More information about the Messaging
mailing list