31 Aug
1993
31 Aug
'93
7:26 p.m.
PEM also reveals who signs messages, even when the message is encrypted. In other words, if I send you a PGP encrypted message which I also signed, the signature is hidden under the encryption. You do not know who sent you the PGP message (assuming a cypherpunks remailer or equivalent was used) until after you decrypt the first "packet" and gaze inside. PEM, on the other hand, reveals in the clear who signed the message, outside of the encrypted portion. Also note that to be PEM compliant, you *must* always sign your messages. So much for anonymous encrypted messages... There is something to be said for the PGP encapsulated approach...