Directedness of authentication

One could also define directedness of authentication to mean that the authentication is only valid for particular recipients. 

One could also consider normal confidentiality requirements in the interest of all participants in a transaction, e.g., that attackers do not learn anything about the messages that honest users authenticate for each other. In general, one woidd use combinations of normal signature schemes and secrecy schemes inside the system, but, as mentioned under Directedness of Authentication in Section 5.2.8, this will not always be trivial. 

---