User @ domain.tld as ID (Once again)

Thu Nov 3 00:10:46 PST 2005

Matthew A. Nicholson wrote:
> 
> First I don't see everyone getting a URL so they can use their OpenID's,
> almost everyone who uses the net already has an email address.  Second,
> tons and tons of other technologies already use email address style
> identifiers.  These include, but are not limited to: email, jabber, gpg,
> monotone, arch, SIP, IAX (and other VOIP stuffs), the list goes on.  Why
> not continue this tradition, it seems to work well.  Why not have one ID
> for everything.
> 

But I do not have one ID for everything. All of those things you listed
have a similar appearance, but they are all different...

Email: user @ domain
look up MX record for domain. connect to the resulting server on port 25
and talk SMTP, including the recipient address.

SIP: user @ host
look up A record for domain, possibly via a CNAME. Use SIP to initiate a
"call" with that host.

Jabber: user @ host
look up SRV record for xmpp-server._tcp._blah.whatever.host. Use XMPP to
start a Jabber s2s connection with that host and spew chunks of XML at it.

Hypotheitical OpenID mapping: user @ host
Create some crazy magic URL like http://host/_openid/user and retrieve
it to discover the identity server URL for that user. Then connect to
the identity server URL and continue as normal.

...and so on...

My Email address is not the same as my SIP address, and neither are the
same as my Jabber address. If I say to you: "Contact me at
'mart at kumquat.com'", how do you know what kind of address that is? While
it's possible to make all of these the same, due to them all being
fundamentally different, provided by different servers and thus
different providers, more often than not they are all different. I don't
expect to see Hotmail providing Jabber IDs nor OpenID identities any
time soon.

While it's true that URLs aren't unambiguous either, it's a lot easier
to make your personal website the same as your identity URL, and it's a
lot easier to discover someone's personal website than someone's email
address if you know a few details about them.

Also, unless you can come up with a way to map an email address onto a
URL that doesn't involve "magic" URLs that everyone must implement (see
a recent discussion for my views on why that is unworkable) email-style
addresses are simply unworkable in an OpenID context, since it works
inside web browsers by redirecting across domains.

Aside from all that, I'd much rather share my URL than my email address.
There's not much that someone can do with a URL, but plenty of annoying
things that someone can do with an email address.

And so on, and so on. We've been over this before. No-one has yet come
up with a persuasive argument for why URLs are fundamentally bad or how
email addresses can possibly work. URLs work. As far as the user's
concerned, it's just an opaque string of characters. Does it really
matter whether it's frank at livejournal.com or frank.livejournal.com?