On Mon, Aug 17, 2015 at 12:17 PM, Peter Gutmann <[email protected]> wrote: > Trevor Perrin <[email protected]> writes: > >>So when Bob receives a signed-then-encrypted CMS message from Alice, there's >>no cryptographic verification that Alice intended to send the message to Bob. > > Since only Bob can decrypt the message, only Bob can MAC it, so it's pretty > clear who the intended recipient is.
Bob doesn't know if he was Alice's intended recipient. Bob just knows Alice sent the message to someone (because she signed it), and someone encrypted it to him. Trevor _______________________________________________ Messaging mailing list [email protected] https://moderncrypto.org/mailman/listinfo/messaging
