Assume we are using secret key technology. What is wrong with the following source authentication scheme? Alice chooses a per-message secret key K, and puts an encrypted version of K in the header for each recipient, say Bob and Ted. Then she uses K to compute a MAC on the message, say a DES-CBC residue, or by computing a message digest of K appended to the message. (Hint: it works fine for a single recipient, but there is a security problem if Alice sends a multiple-recipient message.)