Werner Koch wrote: > > The problem with S(E(m)) is that it reveals information about the > sender/signer whereas E(S(m)) does only tell you who is the recipient Please forgive my ignorance in the matter, but, if E(m) is vulnerable to tampering, why isnt E(S(m))? I understand why S(E(m)) isnt, but with E(S(m)), it is not obvious to me at all. Any help would be much appreciated. Cheers. Aurelio.