Re: Mail Server Registries and Foreign Sender Authentication: A Proposal

[Douglas Otis <dotis@xxxxxxxxxxxxxx>]

On Fri, 2007-03-23 at 20:51 -0600, Randy Smith wrote:
> Greetings,
> 
> I was recently discussing various issues surrounding email with a
> coworker and had a couple of ideas for authentication systems that I
> would like to get some feedback on. You can read my ideas at
> http://perlstalker.blogspot.com/2007/03/mail-server-registries-and-foreign.html.
> 
> As I said, I'm looking for feedback. Are these ideas worth pursuing or
> am I barking up the wrong tree?

It would seem OpenID is ideal for controlling a recipient's access to
information being sent using BURL style messages.  OpenID means the
sender would not need to control how the recipient confirms their
identity.  There would need to be a convention established to translate
email-addresses to a URI convention suitable for use with OpenID.

This would protect message content as well as confirm the recipient
actually received their message.  This seems like an ideal mechanism for
various sensitive commerce related transactions.  By pointing to the
message with a URI, there would not be any need to verify the identity
of the message source.  However, the source URI should use the same
conventions as that used for OpenID recipient.

As OpenID really needs a specialized viewer, where one designed to
function as an MUA would not be unreasonable.  OpenID could also help
establish filtering criteria as well.  OpenID is an interesting
mechanism.

-Doug