Re: why the encrypted msg is not transmitted over secure channel?

Mike Amling wrote:
That's fine in Canetti & Krawczyk's context of insecure networks. I
had thought the OP's use was a little more general. There are other ways
of obtaining confidentiality than encryption. Key distribution by
courier, for example, may meet requirements for confidentiality and
authentication, with neither the courier nor her opaque briefcase nor
its contents being encrypted.

Oh. You're absolutely right. I had misunderstood your point.
I was sloppy. What I should have said is that the meaning of the
term "secure channel" that I'm familiar with requires both integrity
and confidentiality protection. (I got sloppy and conflated encryption
with confidentiality, though of course as you say there are other ways
to protect confidentiality other than encryption.)

Anyway, if the channel is only authenticated but has no confidentiality
protection, then I wouldn't call it a "secure channel"; I'd call it an
"authenticated channel".