> On May 14, 2018, at 12:35 PM, Paul Wouters <paul@xxxxxxxxx> wrote: > > > So that’s the bandaid. What and where will work be done on a solution? A CBC-MAC (or some other suitable ciphertext MAC) would probably help to defeat tampering with the CBC ciphertext. As would encrypt-then-sign (rather than the more typical for S/MIME sign-then-encrypt), but S/MIME signatures are optional, so a ciphertext MAC seems appropriate. -- Viktor.
