Russ wrote....
I wonder why you would want to sign ciphertext generated by someone else?
This is especially "weird" if you do not have the key to decrypt the message.
Yes, I think that a statement saying that signature should be applied before
encryption is a very good idea.
Russ
Well if you had a performance review where you had a section
where you could encrypt comments about your supervisor, but you
only wanted their supervisors and human resources to read it, your
manager would sign that they he agreed with everything else and that
you could be sure he did not modify the comments or know about them.
Just a thought.