> I don't think that's right. If an attacker creates a new ephemeral, > they won't be able to encrypt the original payload key. All they'd > accomplish is forging a message that decrypts to gibberish.
Oops, you're totally right. Thanks for letting us steal so much of your time, Trevor. If you're ever near the Keybase office in SF or NYC, we owe you a beer! - Jack _______________________________________________ Messaging mailing list [email protected] https://moderncrypto.org/mailman/listinfo/messaging
