Hear us Roar
Article: Terence Spies on Identity-Based Encryption
Subject: confusion
Date: 2003-08-14 07:28:21
From: anonymous2

I'm confused as to how the access-control-string, which is the crux of the security mechanism, is used as a secure authentication device.
It would seem that in this system, the email is no more secure than the recipient's email system, so while it may protect while in transit, if I get control of the recipient's account, I could read messages.
How is this better than just sendmail on top of ssl? (assuming such a beast can be built)
Also, what is to stop me from caching a time-sensitive key, thereby allowing me to read messages past their expiration?
Perhaps if you outlined what was assumed trusted vs untrusted I could get a better feel for how the system works.
Johan