<div dir="ltr">It's more than just request -> response. It's also an intriguing model for information resolution, where the trust is centralized, but then delegated out.<br><br>Why shouldn't it be used for identity resolution as well? An identity (even more so from a computer's perspective) is merely a small set of data with a chain of trust - just like most DNS lookups.<br>
<br><div class="gmail_quote">On Tue, Oct 14, 2008 at 10:45 PM, Martin Atkins <span dir="ltr">&lt;<a href="mailto:mart@degeneration.co.uk">mart@degeneration.co.uk</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div class="Ih2E3d">SitG Admin wrote:<br>
><br>
>> Putting it in DNS doesn't change the user-centricness, it just changes<br>
>> the means of publication.<br>
><br>
> I disagree here; to use military terminology here (as learned from<br>
> analyses of Trusted Computing) for a moment, your DNS server is not a<br>
> Trusted party for your personal information! IT does not have access to<br>
> your personal information; YOU do. If a spammer (or stalker) wants to<br>
> learn where you live (so they have a physical address for snailmail spam<br>
> or home invasion), they cannot simply ask the DNS server where you live,<br>
> because the DNS server does not possess that information - they MUST<br>
> contact you, the user, directly, and in the process of making that<br>
> request they not only make you (the user) aware of it, but provoke the<br>
> distinct possibility that you will simply refuse to tell them!<br>
><br>
> Your reply also suggested, though, that this level of control *can* be<br>
> present in DNS, which intrigues me :)<br>
><br>
<br>
</div>I was not suggesting that you should put your physical address or<br>
telephone number in DNS, just that you can publish in DNS information<br>
about how that information might be obtained, much as you publish on<br>
your web site how that information might be obtained.<br>
<br>
I'd also like to point out that HTTP URLs are themselves dependent on<br>
DNS. All you gain by publishing this information over HTTP rather than<br>
DNS is a couple more layers of indirection. I can't control my identity<br>
page on MyOpenID any more than I can control the contents of the<br>
<a href="http://myopenid.com" target="_blank">myopenid.com</a> DNS zone.<br>
<br>
Additionally, since DNS is a request->response protocol just like HTTP,<br>
there's no technical reason why you can't log requests and refuse to<br>
talk to certain clients if you wish. The domain name system is not magic.<br>
<div><div></div><div class="Wj3C7c"><br>
<br>
</div></div></blockquote></div><br></div>