On Tue, Jan 11, 2011 at 12:19 PM, <dan at geer.org> wrote: > > If one is a purist, then one wants sign>encrypt>sign > > See http://world.std.com/~dtd/#sign_encrypt That is a really interesting paper. Did the OpenPGP protocol ever include a fix for the attack they describe? Nicholas