Does applying a strong hash function like SHA-256 to the ECB-encryption of a message (using some secret key $K$) produce a secure mac? For example, given a message $m$, would a simple mac construction $H(E_K(m))$ be considered a secure mac if we used a strong hash $H$ like SHA-256?
Compared to standard HMAC, this construction seems simpler and might even execute a little faster too. Also, it doesn't seem like this mac scheme is vulnerable to length extension attacks either since without knowledge of $K$, it doesn't seem like the attacker can "extend" the input to the hash function $H$ since the output of $E_K(m)$ never gets "exposed" to the attacker but only consumed as just some intermediate computation step inside of $H(E_K(m))$.
Of course, the standard $\text{HMAC}(K,m)$ construction is likely more secure against the usage of "weak hash functions", so I'm purposefully requiring $H$ in my construction to be a "strong" hash function (e.g., SHA-256) that should be collision-resistant and (of course) preimage-resistant as well.
Likewise, this key $K$ would only be used for generating mac's only, and not "shared" for other encryption purposes elsewhere. This is because if some "other part of the application" reuses $K$ for general encryption elsewhere, an attacker might take advantage of that to determine $c=E_K(p)$ for some known or chosen (or even "derived") plaintext $p$, and thus trivially forge some message $m = p$ along with its valid mac $H(c)$.
**Edit: this is essentially the reverse of this scheme...