Dominikus Scherkl <mailto:Dominikus(_dot_)Scherkl(_at_)glueckkanja(_dot_)com>
I see no other way than "encrypt, sign and encrypt" (ESE)
to achieve all cryptographic goals which seem important to me:
Yes, that is one of the five methods Don Davis wrote about as a solution in
I agree with you that SES is not a good solution because it leaves
the signature unprotected at the outer layer.
The method I have suggested is to sign the recipient's name into the
message, as this avoids another costly encryption. Unfortunately
this is very disturbing to those that think sign and encrypt must
and should be independent layers in the protocol. But I think
it should be possible to open up for certain exceptions to this
layer thinking when security needs demand it.
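
An added illustration, not part of the original message: a sketch of the check that signing the recipient's name into the message makes possible, run by the receiver after the encryption layer has been removed. The encryption layer is left out, a Lamport one-time signature built from SHA-256 stands in for a real signature algorithm, and the field names, party names and helper functions are assumptions made for the example.

```python
import hashlib, json, secrets

def _bits(data: bytes):
    digest = hashlib.sha256(data).digest()
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def keygen():
    # Lamport one-time key (stand-in scheme): sign only ONE payload per key.
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pk = [(hashlib.sha256(a).digest(), hashlib.sha256(b).digest()) for a, b in sk]
    return sk, pk

def sign(sk, data: bytes):
    return [sk[i][b] for i, b in enumerate(_bits(data))]

def verify(pk, data: bytes, sig) -> bool:
    return all(hashlib.sha256(s).digest() == pk[i][b]
               for i, (s, b) in enumerate(zip(sig, _bits(data))))

def signed_payload(sk, sender, recipient, body):
    # recipient=None models the plain inner layer of naive sign-then-encrypt.
    fields = {"from": sender, "body": body}
    if recipient is not None:
        fields["to"] = recipient  # the recipient's name is covered by the signature
    data = json.dumps(fields, sort_keys=True).encode()
    return data, sign(sk, data)

def accept(pk, me, data, sig, require_recipient=True):
    """Receiver-side check, applied to the decrypted signed payload."""
    if not verify(pk, data, sig):
        return False
    if require_recipient and json.loads(data).get("to") != me:
        return False  # validly signed, but addressed to someone else
    return True

def demo():
    # Constructed scenario: a payload Alice signed for Bob later arrives,
    # re-encrypted by Bob, at Charlie. Only the signed layer is modelled.
    sk1, pk1 = keygen()
    naive = signed_payload(sk1, "alice", None, "I agree to the deal")
    sk2, pk2 = keygen()
    bound = signed_payload(sk2, "alice", "bob", "I agree to the deal")
    return {
        "naive_at_charlie": accept(pk1, "charlie", *naive, require_recipient=False),
        "bound_at_bob": accept(pk2, "bob", *bound),
        "bound_at_charlie": accept(pk2, "charlie", *bound),
    }
```

Without the signed name, Charlie has no way to tell that the payload was written for Bob; with it, the same forwarded payload is rejected, and editing the `to` field invalidates the signature.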