We can only *really* trust this once the certificate validates, and even then the certificate could be out of date. So now the mapping is only treated as high-trust when the inner messages decrypts successfully too.