On Dec 12, 2015, at 7:11 AM, Dave Crocker <dhc(_at_)dcrocker(_dot_)net> wrote:
On 12/12/2015 6:25 AM, Ned Freed wrote:
Provider and thus email address lock-in is clearly to the advantage of ISPs
MSPs that view their email service as a source of revenue (ads, branding,
marketing data, whatever). As such, not only will they have no interest
in any move towards eliminating that lock-in, they may well be actively
antagonistic towards it.
And at this point I fear that the shift to the use of such providers has
reached a point where anything the IETF says or does is going to be
You are probably correct on both counts, but I suspect neither point
matters very much.
There is such a strong, general, natural proclivity for using email
addresses as identifiers, nothing has shown even the slightest ability
to replace them, unless one counts a few different identifiers like
Twitter hashtags, which really are roughly equivalent to email addresses
(where the hashtag itself serves as the @twitter.com semantic.)
My point is that the fact that an address is unique and is heavily used
for regular interaction, makes it an identifier.
There have been various efforts to create 'permanent' identifiers that
are independent of email addresses, or the like. None has succeeded. I
believe ISP market pressures were irrelevant to those failures.
Your cellphone number, your Facebook GUID and, to a
lesser degree, your Twitter name are used as identifiers (and so also
authentication) in a lot of places. For many services your Facebook
GUID or cellphone number is preferred, and use of an email address
as identity may not be supported in MVP (or in some cases, at all).
Those are centralized, though, which makes it easy for them to be
It's possible to create a unique identifier without any checking for
uniqueness - you could use a type 4 GUID, for instance. Not terribly
memorable, though, so unless you want to require people to carry
key stores around and copy them to every device - including public
access points - they want to use it's not going to work well for
If you want an identifier that is globally unique and federated then
you need some part of the identifier to be a unique identifier for
the identity provider you use, along with some additional information
per identity provider to guarantee uniqueness within that identity
provider. (e.g. OpenID, which uses DNS hierarchy to create IDs).
Any federated identity system is going to have all the portability disadvantages
email has, as well as some additional ones.
Phone numbers are kinda federated, but as an implementation detail.
They're effectively centralized from a user's perspective, as far as "Put
a quarter into the ITU, get a unique number back" is concerned.
ietf-smtp mailing list