David, Perhaps we should not categorically impose an order for encrypting and signing. Working drafts for the w3c provide examples of signing encrypted data:
http://www.w3.org/Encryption/2001/Drafts/xmlenc-decrypt.html#example The complexity of this issue is compounded by the notion that only portions of a document may be encrypted. If the entire document were to be encrypted, then it logically makes more sense to sign first. Perhaps we should provide the flexibility of encrypting first with a word of caution for its consequences and RECOMMEND signing first. I have read your signing the outside of an envelope argument. It confused me a bit since I thought that is what people did in times past by affixing their seal to the container of a message? The sentiment among hp developers is that signing/encrypting can go in either order. One developer cited a WS-Security spec of Microsoft as an example that anticipates different orderings (but I personally haven't had a chance to locate and study that document). b ============================================ Bruce Pedretti Hewlett-Packard Company Software Developer 6000 Irwin Road (856) 638-6060 Mt. Laurel, NJ 08054
http://www.hp.com/ ============================================