[OpenID] Fixing usability: can OPs indicate their claimed_id's are PPID's?
SitG Admin
sysadmin at shadowsinthegarden.com
Fri Oct 30 22:50:53 UTC 2009
>I wouldn't worry at all about email addresses being transmitted in
>the clear. SMTP itself is unencrypted. If you're worried about man
>in the middle sniffing between OP and RP, there's no more danger
>there than between SMTP servers across the open Internet.
Which typically transmit E-mail addresses (it's possible for an
originating domain/server to asymmetrically encrypt *just* the
username portion of addresses, leaving the recipient domain/server to
decrypt these and file into the appropriate mailboxes, but I'm not
aware of any formal spec for this yet), but then the *point* there is
E-mail, after all; you aren't adding much in the way of correlation,
despite the possibility of eavesdropping from whoever
owns/runs/manages the hardware. OpenID might be a bit different; it
depends, somewhat, on how the RP
acknowledges/welcomes/greets/recognizes a user. Will the page content
flying by (in plaintext) identify the user in any way? Will that, in
turn, be enough to acquire E-mail address (and other personal data)
from, making the point moot whether that was provided in transit or
not?
-Shade
Postscript: Bonus question. Are there any OpenID-compatible browsers
that remember URLs in History when those URLs gave a Redirect, and,
if so, would this allow anyone with access to that browser's History
to see data that an OP was using the user to convey to an RP?
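The postscript's question (what an OpenID indirect response reveals if the return_to URL, openid.* parameters and all, lands in a browser history, proxy log or Referer header) can be made concrete by parsing such a URL the way the RP would. The following is an added example written for this page, not code from the original thread or from any OpenID implementation; the host names, the user "alice", the field values and the signature are constructed, and the assumption that an RP redirects to a scrubbed URL after consuming the assertion is a common post-redirect-get practice, not something the thread describes.

```python
"""Added example: what an OpenID 2.0 positive assertion exposes when the
URL that carried it is readable by someone other than the RP.
All URLs and values below are constructed for illustration."""
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Constructed sample of a return_to URL as a browser that keeps redirect
# targets might record it: SREG email and an AX name ride along in the
# query string, in plaintext from the history's point of view.
SAMPLE_HISTORY_URL = (
    "https://rp.example/openid/return?"
    "openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0"
    "&openid.mode=id_res"
    "&openid.op_endpoint=https%3A%2F%2Fop.example%2Fserver"
    "&openid.claimed_id=https%3A%2F%2Fop.example%2Fuser%2Falice"
    "&openid.identity=https%3A%2F%2Fop.example%2Fuser%2Falice"
    "&openid.return_to=https%3A%2F%2Frp.example%2Fopenid%2Freturn"
    "&openid.response_nonce=2009-10-30T22%3A50%3A53Zabc"
    "&openid.assoc_handle=constructed-handle"
    "&openid.ns.sreg=http%3A%2F%2Fopenid.net%2Fextensions%2Fsreg%2F1.1"
    "&openid.sreg.email=alice%40example.com"
    "&openid.ns.ax=http%3A%2F%2Fopenid.net%2Fsrv%2Fax%2F1.0"
    "&openid.ax.mode=fetch_response"
    "&openid.ax.type.fn=http%3A%2F%2Faxschema.org%2FnamePerson"
    "&openid.ax.value.fn=Alice+Example"
    "&openid.signed=op_endpoint%2Cclaimed_id%2Cidentity%2Creturn_to"
    "%2Cresponse_nonce%2Cassoc_handle"
    "&openid.sig=Y29uc3RydWN0ZWQ%3D"
)

IDENTIFIER_KEYS = ("openid.claimed_id", "openid.identity")


def assertion_exposure(url):
    """Report what an observer who can read this URL learns about the user.

    Returns None if the URL is not an OpenID positive assertion (mode id_res).
    Otherwise returns the user identifiers, every SREG / AX personal-data
    field (AX aliases resolved to their schema URI), and the OP endpoint,
    which by itself tells the observer which provider the user relies on.
    """
    params = dict(parse_qsl(urlsplit(url).query, keep_blank_values=True))
    if params.get("openid.mode") != "id_res":
        return None

    identifiers = {k: params[k] for k in IDENTIFIER_KEYS if k in params}
    personal = {}
    for key, value in params.items():
        # Simple Registration: openid.sreg.<field>=<value>
        if key.startswith("openid.sreg."):
            personal[key[len("openid.sreg."):]] = value
        # Attribute Exchange: openid.ax.value.<alias>[.<n>] with the alias's
        # schema URI in openid.ax.type.<alias>
        elif key.startswith("openid.ax.value."):
            alias = key[len("openid.ax.value."):].split(".")[0]
            schema = params.get("openid.ax.type." + alias, alias)
            personal[schema] = value

    return {
        "identifiers": identifiers,
        "personal_data": personal,
        "op_endpoint": params.get("openid.op_endpoint"),
    }


def post_consumption_url(url):
    """URL an RP would send the browser to after verifying the assertion.

    Assumption (not from the thread): the RP follows post-redirect-get and
    strips every openid.* parameter, so the assertion does not survive as
    the final, bookmarkable page address. Note this does not help if the
    browser also records the intermediate redirect target, which is exactly
    the case the postscript asks about.
    """
    parts = urlsplit(url)
    kept = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)
            if not k.startswith("openid.")]
    return urlunsplit((parts.scheme, parts.netloc, parts.path,
                       urlencode(kept), ""))


if __name__ == "__main__":
    report = assertion_exposure(SAMPLE_HISTORY_URL)
    print("identifiers :", report["identifiers"])
    print("personal    :", report["personal_data"])
    print("op endpoint :", report["op_endpoint"])
    print("scrubbed    :", post_consumption_url(SAMPLE_HISTORY_URL))
```

Run against the constructed URL, the report shows that history access alone yields the user's claimed_id, the provider they use, and whatever SREG/AX attributes the OP released; the scrubbed URL shows what is left once the RP has consumed the assertion, which is why the exposure depends on whether the intermediate redirect URL is retained.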