[Jtsummers]

It's more like they're sloppy than that they've made a mistake.

The session key would be encrypted with the recipient's public key so that they (and hopefully only they) can decrypt it and then decrypt the message encrypted with the session key. The sender would use the recipient's public key.

[betwixthewires]

That's my point. Someone with such little attention to detail that they're this sloppy has no business dictating to the world anything really. Either you don't know what you're talking about or you don't proof read before you publish. Either way don't tell me what's dead and what's not.