intertwingly

It’s just data

Email addresses your OpenID via DNS


Bernie Reese: this is exactly what OpenID needs: Open iDNS, or “Open Id Domain Name System.” This service would work just like DNS, and would map email addresses to an OpenID provider designated by the owner.

Looking at Jabber recently caused me to see this prior discussion in a new light.  With Google Talk, one’s gmail.com email-style address is one’s identity.  I just created a second address, one without a gmail.com account behind it.  And Google Talk and GMail seem to be doing just fine.

Part of the problem is that the people working on OpenID are concerned about privacy, and the perception is that giving away an email address may be revealing too much.  But as email addresses can be minted at will, the user is still in full control.  And those that wish to can still use http-flavored URIs, so nobody loses.

Another part of the problem is that the solution proposed required people to do real work, deploy real software in production, and have to deal with all of the counter-measures designed to stop spammers, etc.

Ironically DNS SRV records were dismissed prematurely:

Although big providers could easily adopt this, others (consumers, mostly) would have to make substantial efforts in order to adjust.  [Emphasis added]

Here’s a version of the consumer side of the code for a fully load-balancing solution (it uses the pydns module, and reads the nameservers from resolv.conf):

import DNS, sys, random

# pick up the local nameservers from /etc/resolv.conf
DNS.ParseResolvConf()

# resolve _xmpp-server per RFC 2782 for each domain named on the command line
for domain in sys.argv[1:]:

    # resolve the service; each answer's data is (priority, weight, port, target)
    request = DNS.Request(qtype='srv')
    response = request.req('_xmpp-server._tcp.%s.' % domain)
    services = [service['data'] for service in response.answers]

    # keep only the services with the highest priority (the lowest priority value)
    services.sort()
    services = [service for service in services if service[0] == services[0][0]]

    # make a weighted random choice amongst these services
    random.shuffle(services)
    choice = sum(service[1] for service in services) * random.random()
    for service in services:
        choice -= service[1]
        if choice <= 0:
            print("%s:\t%s:%d" % (domain, service[-1], service[-2]))
            break
    else:
        # the loop only completes without a break when there were no SRV records
        print("%s:\t<none>" % domain)

Try it against gmail.com to see how it works.
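The same selection logic, written as an added example that is not code from the original post: it maps an email-style address to the SRV owner name for its domain, applies the RFC 2782 priority and weight rules to a constructed set of records, and counts how the weighted choice comes out over many draws. It also adds the RFC's refinement that zero-weight records at the winning priority are only chosen when nothing else there carries weight. The domains, hosts and records below are made up, and the `lookup` parameter stands in for the pydns query in the script above, so it runs without any network access.

```python
import random

# Constructed sample answers keyed by SRV owner name, each tuple shaped like
# pydns record data: (priority, weight, port, target).  Names are made up.
SAMPLE_SRV = {
    "_xmpp-server._tcp.example.com.": [
        (20, 0, 5269, "backup.example.com"),   # lower priority: only used if the 10s vanish
        (10, 60, 5269, "xmpp1.example.com"),
        (10, 40, 5269, "xmpp2.example.com"),
    ],
    "_xmpp-server._tcp.single.example.": [(5, 0, 5269, "only.single.example")],
    "_xmpp-server._tcp.nosrv.example.": [],
}


def domain_of(email):
    """Return the normalised domain part of an email-style identifier."""
    if email.count("@") != 1:
        raise ValueError("expected exactly one '@' in %r" % email)
    domain = email.split("@")[1].strip().rstrip(".").lower()
    if not domain:
        raise ValueError("empty domain in %r" % email)
    return domain


def srv_query_name(domain, service="xmpp-server", proto="tcp"):
    """Build the RFC 2782 owner name _service._proto.domain. for a domain."""
    return "_%s._%s.%s." % (service, proto, domain)


def pick_srv(records, rng=random):
    """Select one (target, port) from SRV tuples per RFC 2782, or None if there are none."""
    if not records:
        return None
    best = min(r[0] for r in records)                 # lowest value = highest priority
    candidates = [r for r in records if r[0] == best]
    rng.shuffle(candidates)
    # RFC 2782: zero-weight records go first so they are reached only when the
    # random threshold is 0, i.e. effectively only when no record has weight.
    candidates.sort(key=lambda r: r[1] != 0)          # stable, keeps shuffled order otherwise
    total = sum(r[1] for r in candidates)
    threshold = rng.random() * total
    for r in candidates:
        threshold -= r[1]
        if threshold <= 0:
            return r[3], r[2]
    return candidates[-1][3], candidates[-1][2]       # not reached: threshold < total


def distribution(records, draws, seed=0):
    """Count how often each (target, port) is chosen; a quick check that weights are honoured."""
    rng = random.Random(seed)
    counts = {}
    for _ in range(draws):
        picked = pick_srv(records, rng)
        counts[picked] = counts.get(picked, 0) + 1
    return counts


def provider_for(email, lookup=SAMPLE_SRV.get, rng=random):
    """Resolve an email-style identifier to a (host, port) via its domain's SRV records.

    `lookup` takes an owner name and returns a list of SRV tuples (or None).  With pydns
    it would be: lambda name: [a['data'] for a in DNS.Request(qtype='srv').req(name).answers]
    """
    records = lookup(srv_query_name(domain_of(email)))
    return pick_srv(records or [], rng)


if __name__ == "__main__":
    for address in ("alice@example.com", "bob@single.example", "carol@nosrv.example"):
        print("%s:\t%s" % (address, provider_for(address) or "<none>"))
    print(distribution(SAMPLE_SRV["_xmpp-server._tcp.example.com."], 1000))
```

Running it prints one host:port (or `<none>`) per address, and the distribution over 1000 draws shows the 60/40 split between the two priority-10 hosts with the priority-20 backup never chosen, which is the behaviour a client should exhibit before a domain's records are ever changed.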

DNS records are already distributed and cached, so after the first request there would be little to no noticeable latency.  The software is already deployed.  People could update SRV records without needing to wait for clients to be deployed, and clients could start checking for this without waiting for people to update SRV records.