# HG changeset patch
# User Paul Boddie <paul@boddie.org.uk>
# Date 1379027105 -7200
# Node ID 1ece83b447d67ae12c8052e7c7fe33f2a535eb0f
# Parent  459483cc0a8476f7e84c1408ae03b88cedbfc6c0
Added some reminders about verification and decryption.

diff -r 459483cc0a84 -r 1ece83b447d6 MoinMessageSupport.py
--- a/MoinMessageSupport.py	Tue Aug 27 23:13:29 2013 +0200
+++ b/MoinMessageSupport.py	Fri Sep 13 01:05:05 2013 +0200
@@ -63,8 +63,17 @@
         # Detect PGP/GPG-encoded payloads.
         # See: http://tools.ietf.org/html/rfc3156
 
+        # Signed payloads are checked and then passed on for further processing
+        # elsewhere. Verification is the last step in this base implementation,
+        # even if an encrypted-then-signed payload is involved.
+
         if is_signed(message):
             self.handle_signed_message(message)
+
+        # Encrypted payloads are decrypted and then sent back into this method
+        # for signature checking as described above. Thus, signed-then-encrypted
+        # payloads are first decrypted and then verified.
+
         elif is_encrypted(message):
             self.handle_encrypted_message(message)