[OpenID] [LIKELY_SPAM]Re: [LIKELY_SPAM]Re: Combining Google & Yahoo user experience research

[Martin Atkins]

SitG Admin wrote:
> 
> I do still (and did) handle E-mail through one machine, web access 
> through another. The machine that can handle E-mail has practically 
> nonexistent browser support; as far as the machine that can handle the 
> web is concerned, I have *never* entered an E-mail address. By isolating 
> each specialized machine in this way, I benefit from additional layers 
> of security, and all it costs me is a slight hit in speed when I have to 
> copy some information across by hand. I never have to take the "web" 
> machine offline to check E-mail, even if I disconnect the "mail" machine 
> from all networks before opening a message.
> 

I assume therefore that when a website wants to validate your email 
address as per current practice you manually type the URL in the 
validation email into your web browser on the other computer?

 > So it's all done in DNS?

My attempt at a protocol uses DNS, yes. I think DNS is the right layer 
to specify where the mail verification service for the domain is, since 
DNS is where the mail servers for the domain are specified. There are 
other approaches that would work too, of course.

What I'm trying to achieve is to simply ask the provider "does this user 
own this email address?" rather than sending an email and having a user 
click a link. It sounds to me like this would be especially useful to 
you since the computer that handles your email would be taken out of the 
picture completely and you'd just do a normal OpenID "redirect dance" in 
your browser.