Mark Baker on the First Corollary

Mark Baker, one of the “gods of REST” whose work I have referenced many times in my work on the XDI protocol at OASIS, makes some excellent points in his commentary on the First Corollary. To my contention that many domain names break the First Corollary because they require public Whois data about a registrant, he says:

DNS does certainly require a small amount of information be made available, and though I’m hardly a historian, the little I do know of the history of this data suggests that it represents the minimum amount that a mature industry – which has had to balance the needs of domain owners (anonymity) with those of the public at large (accountability) over many years – has reached consensus on requiring. So I doubt that any competing centralized solution would be able to reach widespread deployment without, in the steady state, providing a similar amount of info about registrants.

Also, who says that there’s a direct correspondence between a DNS name and the person who uses the email address? I don’t own, nor, yet have email addresses at both of those domains. Google and Yahoo, in offering an email service, provide a degree of anonymity via proxy; if you want to learn more about me there, you have to go through them, and I’m not required to publish any info about myself there.
Hushmail’s probably the extreme case here, as they seem to exist to provide as-anonymous-as-possible email services.

Mark is right that the generalizations I made about privacy and DNS in the First Corollary were too strong. I agree with him that DNS has evolved a balance between anonymity and accountability (the balancing factors of which are, I think, brilliantly discussed in The Accountable Net paper originally inspired by Esther Dyson).

I don’t agree with his contention, however, that any other federated identifier infrastructure must end up “providing a similar amount of info about registrants”. While accountability ultimately requires identifiability at some level, as The Accountable Net points out there are other (and arguably more effective) ways to provide it than direct public disclosure of identifying information. The XDI.ORG solution for global i-name/i-number accountability is only one example.

On Mark’s second point, about the privacy of email addresses, I completely agree with him that they can protect the real-world identity of the owner. I was trying to make a slightly different point, which is that an email address inherently discloses a method of interaction with its owner — less-than-ideal from the standpoint of the First Corollary. For example, giving a website a Hushmail address when registering may not reveal any personally identifying information about me, yet it still gives the website a way to send me email (unless I never use the account, which has its own drawbacks).

So having a way to identify and authenticate oneself online without providing an email address, which is an advantage of LID, SXIP, and other digital identifier systems in addition to XRI i-names and i-numbers, gives users greater control under the First Corollary. Which leads us nicely to the Second Corollary…


