[OpenID] FW: PROPOSAL: An Extension to transform an EMail Addressto an OpenId URL

Claus Färber GMANE at faerber.muc.de
Sun Feb 11 12:19:27 UTC 2007


David Fuelling schrieb:
> Proof of email address ownership is another interesting "fallout" of my
> Email mapping proposal.  For example, we know that example.com controls the
> email address "beth at example.com" since the domains are the same.  If that
> email address easily resolves to a URL in the example.com domain (e.g.,
> http://beth.example.com) via Yadis and some transform procedure, then this
> in itself is enough to prove that the person who controls that OpenId URL
> http://beth.example.com also controls the email address beth at example.com (or
> else, somebody mis-configured something at example.com).  ;)

No, it's proof that a person who controls beth at example.com authorised 
persons in control of http://beth.example.com. It is NOT proof that 
persons who control http://beth.example.com have any control over the 
address beth at example.com.

E.g. http://beth.example.com <=> abeth at example.com (Alice Beth)
      http://eth.example.com <=> beth at example.com (Bob Eth)
If the owner of example.com let's the users define the mapping for their 
email address, Bob could not only claim http://bob-eth.otherisp.example 
but also Alice's http://beth.example.com URL.
(As a real world example, my main provider gives me cfaerber at muc.de and 
[www.]muc.de/~cfaerber but also faerber.muc.de and www.faerber.muc.de.)

Claus




More information about the general mailing list