Attualmente sto leggendo un articolo su ProtonMail qui e io non lo capisco.
Now let’s address ProtonMail’s weaknesses. One of the big issues is that it isn’t easy to know whether a message sent to another ProtonMail user is being encrypted to the recipient’s correct public key, which is stored on ProtonMail’s keyserver. For example, if Alice sends Bob a message encrypted to his public key, it’s harder for anyone else to read the message. But since ProtonMail distributes the encryption keys to users, it has the technical ability to give Alice its own keys in addition to Bob’s, thus encrypting the messages in a way that would allow it to eavesdrop.
Cosa si intende sotto 'le proprie chiavi'? Si crittografano i messaggi utilizzando solo le chiavi pubbliche e sono, beh, pubblici. Quindi, dov'è il problema, in effetti, che qualcuno conosca qualcun altro della chiave pubblica?
Aggiorna Dopo i commenti e la risposta mi sono reso conto che la confusione sparisce se si riformula la frase evidenziata in questo modo:
But since ProtonMail distributes the encryption keys to users, it has the technical ability to give Alice freshly generated malicious keys instead of Bob’s, thus encrypting the messages in a way that would allow it to decrypt them on the server (using private key from freshly generated keys) even without knowing Bob's private key.