[OpenID] Proposal: SMTP service extension for Yadis discovery

Martin Atkins mart at degeneration.co.uk
Mon Feb 5 08:17:52 UTC 2007


Dmitry Shechtman wrote:
> An SMTP service extension for Yadis discovery is proposed, inspired by 
> Byrne Reese’s suggestion to allow use of email addresses as OpenID 
> identifiers.
> 
> http://blog.phpbb.cc/2007/02/04/smtp-service-extension-for-yadis-discovery/
> 

While I like the principle, I'm not convinced that extending SMTP is the 
right approach. Imagine that I already have an SMTP service on my system 
that is handling mail. Now I must either:

* Hack whatever MTA I'm running to support this extension.
* Run a separate MTA on a separate address... but now I can't use my 
"real" email address as my identifier because the MX points at the other 
server!

If you're going to go as far as defining a separate listener outside of 
an HTTP server, there's no real reason why it has to be an extension to 
anything. Imagine the following protocol:

* User enters frank at example.com.
* RP does SRV lookup for _yadis._tcp.example.com
* RP connects to a nominated address/port pair
* RP sends the literal string "XRDS mailto:frank at example.com" followed 
by a \r\n.
* Service responds with "XRDS http://www.example.com/frank/~yadis" 
followed by \r\n

By using SRV it can run on any address(es)/port(s) rather than having to 
be the same as my mail exchanger(s). It can also theoretically accept 
other similar identifiers like Jabber IDs if an appropriate mapping is 
defined.

However, this doesn't have the nice "user bootstrap" quality that 
HTTP-based Yadis does. I can't just get a free/cheap hosting account and 
throw up an XML document; in most cases users will need a whole rented 
server in order to be able to run arbitrary services like this.

I'm also not sure that there's a pressing need to use email addresses in 
this way.





More information about the general mailing list