I'm confused as to how the access-control-string, which is the crux of the security mechanism, is used as a secure authentication device.
It would seem that in this system, the email is no more secure than the recipient's email system, so while it may protect while in transit, if I get control of the recipient's account, I could read messages.
How is this better than just sendmail on top of ssl? (assuming such a beast can be built)
Also, what is to stop me from caching a time-sensitive key, thereby allowing me to read messages past their expiration?
Perhaps if you outlined what was assumed trusted vs untrusted I could get a better feel for how the system works.