Terence Spies on Identity-Based Encryption
Subject:   confusion
Date:   2003-08-14 07:28:21
From:   anonymous2
I'm confused as to how the access-control-string, which is the crux of the security mechanism, is used as a secure authentication device.

It would seem that in this system, the email is no more secure than the recipient's email system, so while it may protect the email while in transit, if I get control of the recipient's account, I could read messages.

How is this better than just sendmail on top of SSL? (assuming such a beast can be built)

Also, what is to stop me from caching a time-sensitive key, thereby allowing me to read messages past their expiration?

Perhaps if you outlined what was assumed trusted vs untrusted I could get a better feel for how the system works.