"Housley, Russ":
In fact, MOSS is too flexible. In most circumstances, signatures should be
performed before encryption. MOSS allows people to sign ciphertext, by
putting a multipart/encrypted inside a multipart/signed. The MOSS
specification offers no warnings about this "feature."
Russ,
could you give your reasoning for saying that this is a bug, not a feature?
I could imagine some (weird) scenarios where I'd want to sign ciphertext,
for instance if I wanted to sign to the fact that I'd passed on someone
else's encrypted messages.
Look at the comp.os.linux.announce newsgroup for a case where one person
is PGP-signing messages that someone else sent - people will use this stuff
in ways I can't even imagine.
that said, an applicability statement for MOSS, saying what is or is not a
good idea, might be a Good Thing.
Harald A