Verify Email

This is a proposed system to verify email addresses.

It seems there's a basic operation that you want to do with an email address: send a random number* to the email address and have the user reply with that random number and whatever authorization (digital signature*, description of command, etc.) is necessary. Then make the reply publicly available if the random number matches. This solves many use case*s.

Note that system is still vulnerable to malicious eavesdroppers. To solve this, use public key encryption* (and be sure that encrypt(msg,alice,bob) != encrypt(msg,bob,alice)). Of course now you're open to a man-in-the-middle attack*, but what're you going to do?

If you wanted to do this for historical purposes the :

User = Alice W3C = Trent

• Alice sends a registration request to Trent.
• Trent sends back an (optionally encrypted) random number.
• Alice (decrypts and) signs the number and sends it back.
• Trent posts the signed message, date and mailbox on his website.

Now anyone can verify the signature on the message and know that the person with that key had access to that mailbox at that time.

Anyone want to set this up? Has anyone done this?

Part of LogicError. Powered by Blogspace, an Aaron Swartz project. Email the webmaster with problems.