This is one of the most common questions I’m getting about LID. The argument goes like this: people are used to addresses that look like xxx@yyy (e-mail: for people) and those that look like http://yyy/xxx (for sites). If LID uses http URLs to identify people, won’t that confuse everybody?
Well, yes, it does, but that issue is compensated more than sufficiently by the advantages we get by using http instead of SMTP. Here are the most important ones:
- Google: if you type my name into Google (try it), what do you expect to show up first? Why not my public Digital Identity? Turns out that is exactly what shows up: my LID URL, with its default page, which happens to be my blog. If my LID were my e-mail address, there would be no way for Google to show it first, and the distribution of digital identifiers for people like you and me would be very hard (and thus we couldn’t use it for very much).
- Key distribution: by using http, it is very easy for the owner of a LID to distribute their public key (e.g. here is mine, simply by adding the ?meta=gpg%20-export%20--armor argument to my LID URL). All the practical issues with key distribution in an e-mail-based system like PGP do not occur.
- Commands: In LID, we always use the base LID URL and then append various commands, whether this is querying for information (e.g. ?xpath=/VCARD/N), specifying a format (e.g. ?format=mime:text/xml) or an action (e.g. ?action=sso-approve). Defining such a vocabulary of commands and making it work with existing e-mail systems would be practically infeasible (in our view).
- Uniformness: This way, people, groups/organizations and non-human entities (e.g. RFID tags) can use the same protocols for digital identities, which would be unlikely in the case of e-mail.
- Spam: With more than 50% of e-mail now spam, we don’t want to introduce an ever-increasing probability that a digital identity message won’t get delivered (because some spam filter, or quarantine scheme, or whatever decides not to deliver our message as sent).
- Browser as first-class client: by using http, standard, unmodified web browsers can be fully-enabled digital identity clients, which is great.
Having said that, there is at least one thing we could theoretically do to create the illusion of e-mail addresses even if we don’t use them: automatically translate an address such as liddemouser@lid.netmesh.org into addresses such as http://liddemouser.lid.netmesh.org/ or http://lid.netmesh.org/liddemouser. However, by doing this, we may introduce other issues that are difficult for the end user to understand, such as getting http behavior when SMTP behavior is expected (e.g. on-line vs. batched, browser redirects vs. helper apps etc.).
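
The address translation and the command appending described above, as an added example (not code from LID or from this post). The names `lid_candidates` and `lid_command` are hypothetical, and the strict validation of the local part is an assumption made here because that part ends up inside the hostname of the first candidate URL.

```python
import re
from urllib.parse import urlencode, urlsplit

# The local part becomes a hostname label in the first candidate URL, so it
# must be a single DNS label: no dots, slashes or anything that changes the host.
_LABEL = re.compile(r"^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$")
_HOST = re.compile(r"^(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")


def lid_candidates(address):
    """Map user@host to the two URL forms mentioned in the post."""
    local, sep, host = address.strip().lower().partition("@")
    if not sep or "@" in host:
        raise ValueError("expected exactly one '@'")
    if not _LABEL.match(local):
        raise ValueError("local part is not usable as a host label")
    if not _HOST.match(host):
        raise ValueError("host part is not a plain DNS name")
    return [f"http://{local}.{host}/", f"http://{host}/{local}"]


def lid_command(lid_url, **params):
    """Append a command (xpath=..., format=..., action=...) to a base LID URL."""
    parts = urlsplit(lid_url)
    if parts.scheme not in ("http", "https") or parts.query or parts.fragment:
        raise ValueError("base LID URL must be a bare http(s) URL")
    # Keep '/' and ':' readable as in the post's examples; everything else that
    # could start a second parameter ('&', '=', '#') is percent-encoded.
    return lid_url + "?" + urlencode(params, safe="/:")


if __name__ == "__main__":
    # Constructed input: the demo address used in the post.
    for url in lid_candidates("liddemouser@lid.netmesh.org"):
        print(url)
        print(" ", lid_command(url, xpath="/VCARD/N"))
        print(" ", lid_command(url, format="mime:text/xml"))
```
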