Fix 'to'-attribute requirements: All content elements which are signed using OpenPGP need + that attribute to prevent Surreptitious Forward Attacks. The &crypt; element does not require + one, as the intented recipient is established by the encryption itself. The XEP had the + requirements for &sign; and &crypt; mixed up.
+OpenPGP content elements MUST possess exactly one 'time' - element as direct child elements. The &signcrypt; and &crypt; + element as direct child elements. The &signcrypt; and &sign; content elements MUST contain at least one 'to' element(s), which MUST have a 'jid' attribute containing the intended recipient's XMPP address of the signed and/or encrypted data to prevent @@ -241,7 +252,7 @@ (Ed.). Springer-Verlag, London, UK, UK, 83-107. <https://www.iacr.org/archive/eurocrypt2002/23320080/adr.pdf>. The XMPP address found in the 'to' element's 'jid' attribute - SHOULD be without Resourcepart (i.e., a bare JID). A &sign; content + SHOULD be without Resourcepart (i.e., a bare JID). A &crypt; content element may not carry a 'to' attribute. The 'time' element MUST have a 'stamp' attribute which contains the timestamp when the OpenPGP content element was signed and/or encrypted in the @@ -266,14 +277,14 @@