XAuth critiques

[SitG Admin]

>OK.  To be clear, I do not believe that XAuth breaks privacy. 
> Therefore, I don't believe browsers need to 'fix' it.

Um . . . you admit (on the blog post) that the only reason this first 
version relies on a single (central) domain is because browsers do 
not currently support it. You also want XAuth to "bootstrap" the 
(future) browser-centric solution. Let's recap:

1) The browsers, in their current incarnation, do NOT support XAuuth.
2) You see a future where browsers add support for XAuth.
3) You think that XAuth will encourage browsers to add support.

If the status quo persists then THERE IS A PROBLEM (for XAuth).

You are proposing to present browser vendors with a broken model and 
say "Here, it doesn't work *exactly* as advertised yet, but if you 
add support for it, it will!": this is functionally equivalent to 
"We're going to be marketing this to users as if it weren't broken, 
so if you don't like that, it's YOUR job to fix it."

-Shade