Ned,
In most cases, sure, but what about when I receive an encrypted message I
cannot decrypt myself and want to pass it on to someone else while assuring
that it isn't tampered with? Situations do arise where encrypt-then-sign,
or encrypt-sign-encrypt, or whatever, are useful.
I'm not sure I get your point here. The encryption process should already
have protected the message against unwanted tampering. Do you get some extra
security in signing an encrypted message? I agree, however, that the
flexibility in MOSS is desired.
I agree that a document talking about the various combinations of security
elements and how they can be used would be a good thing, but not as part of
the
specification itself.
Agreed!
Regards,
Stefan.
______________________________________________________________________________
Stefan Kelm <kelm(_at_)cert(_dot_)dfn(_dot_)de> WWW:
http://www.cert.dfn.de/~kelm/
DFN-CERT, University of Hamburg, Vogt-Koelln-Str. 30, 22527 Hamburg (Germany)
Tel: +49-40-54715262 / Fax: +49-40-54715241
[get my PEM and PGP keys via command: "finger
kelm(_at_)www(_dot_)cert(_dot_)dfn(_dot_)de"]