Trevor Perrin <[email protected]> writes: >I think you're referring above to RFC 5083's optional originatorInfo, which >can be used for (1). But I don't think the CMS SignedData has a standard way >to bind the recipient (2).
I'm not referring to signed data at all, I'm referring to encrypt-then-MAC. >So when Bob receives a signed-then-encrypted CMS message from Alice, there's >no cryptographic verification that Alice intended to send the message to Bob. Since only Bob can decrypt the message, only Bob can MAC it, so it's pretty clear who the intended recipient is. Peter. _______________________________________________ Messaging mailing list [email protected] https://moderncrypto.org/mailman/listinfo/messaging
