Purpose of Triple Wrapping Not all messages need to be triple wrapped. Triple wrapping is used when a message must be signed@ then encrypted@ and then have signed attributes bound to the encrypted body. Outer attributes may be added or removed by the message originator or intermediate agents@ and may be signed by intermediate agents or the final recipient. The inside signature is used for content integrity@ non-repudiation with proof of origin@ and binding attributes (such as a security label) to the original content. These attributes go from the originator to the recipient@ regardless of the number of intermediate entities such as mail list agents that process the message. The signed attributes can be used for access control to the inner body. Requests for signed receipts by the originator are carried in the inside signature as well. The encrypted body provides confidentiality@ including confidentiality of the attributes that are carried in the inside signature. The outside signature provides authentication and integrity for information that is processed hop-by-hop@ where each hop is an intermediate entity such as a mail list agent. The outer signature binds attributes (such as a security label) to the encrypted body. These attributes can be used for access control and routing decisions.