David P. Kemp <mailto:dpkemp(_at_)missi(_dot_)ncsc(_dot_)mil> wrote:
Your proposal for an extra packet does not address this alleged flaw.
Note that Alice could sign a message saying "encrypted to
Bob", and then
encrypt and send the message to Charlie, thus framing Bob for breach
No, because then Charlie would know it was something fishy going on.
He would not now if Alice or Bob (or some one else) was to blame,
but he would get a warning message saying that this is an invalid
signed & encrypted message.
You can't take two operations that are inherently separable and create
a magic hack that makes them inherently and verifiably atomic. Each
layer does what it does - if you want the security services provided
by three layers (ESE), or what S/MIME calls triple-wrapping (SES),
then you must use three layers.
Well, if you use three layers (ESE), you get the added bonus that you
can easily see what is wrong if someone try to do something bad.
But also with my proposed method you can verify if everything is ok or not.