Friday, February 02, 2007

Identity Based Encryption - mail forwarding

This is interesting - I set up an IBE on an email account to test out Identity Based Encryption.

I have one account set up to forward to the other.

I sent from account A to account B.

Then account B forwarded the IBE message to create a key back to account A.

I was able to create the private key on my computer by creating a login - using a different email address than the one the email was sent to. (I was in account A - the one that sent the message).

When I went back to the email in my webmail based email account B I had the key on my machine and was able to read it even though the email address I entered when I created the key for was not the email address the mail was sent to...

Also about 5 minutes later I was forwarded the test message from account B back to account A and was able to read it without doing anything else.

Seems a bit odd. Not sure the implications of this on secure email. I will have to think this one through a bit more.