On Dec 12, 2015, at 7:11 AM, Dave Crocker <dhc(_at_)dcrocker(_dot_)net> wrote:
On 12/12/2015 6:25 AM, Ned Freed wrote:
Provider and thus email address lock-in is clearly to the advantage of ISPs
and
MSPs that view their email service as a source of revenue (ads, branding,
marketing data, whatever). As such, not only will they have no interest
in any move towards eliminating that lock-in, they may well be actively
antagonistic towards it.
And at this point I fear that the shift to the use of such providers has
reached a point where anything the IETF says or does is going to be
irrelevant.
You are probably correct on both counts, but I suspect neither point
matters very much.
There is such a strong, general, natural proclivity for using email
addresses as identifiers, nothing has shown even the slightest ability
to replace them, unless one counts a few different identifiers like
Twitter hashtags, which really are roughly equivalent to email addresses
(where the hashtag itself serves as the @twitter.com semantic.)
My point is that the fact that an address is unique and is heavily used
for regular interaction, makes it an identifier.
There have been various efforts to create 'permanent' identifiers that
are independent of email addresses, or the like. None has succeeded. I
believe ISP market pressures were irrelevant to those failures.
Your cellphone number, your facebook GUID and, to a
lesser degree, your twitter name are used as identifiers (and so also
authentication) in a lot of places. For many services your facebook
GUID or cellphone number is preferred, and use of an email address
as identity may not be supported in MVP (or in some cases, at all).
Those are centralized[1], though, which makes it easy for them to be
unique.
It's possible to create a unique identifier without any checking for
uniqueness - you could use a type 4 GUID, for instance. Not terribly
memorable, though, so unless you want to require people to carry
key stores around and copy them to every device - including public
access points - they want to use it's not going to work well for
real users.
If you want an identifier that is globally unique and federated then
you need some part of the identifier to be a unique identifier for
the identity provider you use, along with some additional information
per identity provider to guarantee uniqueness within that identity
provider. (e.g. OpenID, which uses DNS hierarchy to create IDs).
Any federated identity system is going to have all the portability disadvantages
email has, as well as some additional ones.
Cheers,
Steve
[1] Phone numbers are kinda federated, but as an implementation detail.
They're effectively centralized from a users perspective, as far as "Put
a quarter into the ITU, get a unique number back" is concerned.
_______________________________________________
ietf-smtp mailing list
ietf-smtp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf-smtp