This is interesting - I set up an IBE on an email account to test out Identity Based Encryption.
I have one account set up to forward to the other.
I sent from account A to account B.
Then account B forwarded the IBE message to create a key back to account A.
I was able to create the private key on my computer by creating a login - using a different email address than the one the email was sent to. (I was in account A - the one that sent the message).
When I went back to the email in my webmail based email account B I had the key on my machine and was able to read it even though the email address I entered when I created the key for was not the email address the mail was sent to...
Also about 5 minutes later I was forwarded the test message from account B back to account A and was able to read it without doing anything else.
Seems a bit odd. Not sure the implications of this on secure email. I will have to think this one through a bit more.