File this under “things to explore after we get DNSSEC integration working”. I’m not 100% sure this will work, but I’m throwing it out there for feedback. If we decide this is a bad idea, that’s cool too.
Most of the digerati have their own domains (e.g., virgil.gr), or will be willing to get their own .eth name. But in web2, we are usually identified by our email address, and it would be a win for UX if we could bring that same functionality to web3/ENS.
If your mailserver has ethereum-compatible DKIM signatures, I think there’s a way to do it. It’d go something like this:
1. You go to a registration page, presumably on ens.domains, but you could use any frontend you want. (Akin to how there’s two frontends for uniswap, uniswap.exchange and uniswap.ninja)
2. Using Metamask, you submit a request to have your email address, [email protected], be controlled by your metamask ethereum address,
3. You send an email from [email protected] to a special address, say [email protected]. In this email’s subject line you include the address 0x1234, the same address as in Step 2.
4. A script watching the mailbox [email protected] sees the request, and does the following:
   a) It verifies the DKIM signature.
   b) If correct, it looks for a matching HTTP session with 0x12345. If so, it uses JavaScript to fill in the DKIM signature.
5. The user submits a second request using Metamask including the DKIM signature for the email address
6. There’s now an ENS record for name [email protected] to be controlled by address
- The mail-server of example.com will have to sign its DKIM signatures using algorithms that can be verified on-chain.
- The mail-server of example.com will always be able to take away your name by submitting a new proof for your email address to be associated with a new ethereum address. This obviously gives an email address of an ENS name a backdoor. But I’m not sure whether this is qualitatively different than the existing situation for DNS names. If you own example.com, and if for whatever reason your registrar or the .com registry really didn’t like you, either one could always take away your ENS name of example.com. With an email address, the set of agents who could take away your name is simply expanded to include whoever controls the DKIM keys of your mail server.
- AFAIK, corporations often don’t protect their DKIM keys very carefully because of their limited utility in anti-spam.
That’s all I got.
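As an added example (not part of the original post or any ENS code), here is a sketch of the scope checks the mailbox-watching script in step 4 would need alongside the cryptographic DKIM verification: a signature only vouches for the headers listed in its `h=` tag, so the claim is accepted only if `From` and `Subject` are both signed by the sender's own domain. The sample message, the function names, the strict `d=` alignment and the 40-hex-digit address format are assumptions; the `b=` signature itself is not verified here.

```python
import re
from email import message_from_string
from email.utils import parseaddr

ETH_ADDR = re.compile(r"0x[0-9a-fA-F]{40}")

# Constructed sample; addresses, selector and bh=/b= values are placeholders.
SAMPLE = """\
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com; s=sel1;
 h=from:to:subject:date; bh=PLACEHOLDER=; b=PLACEHOLDER=
From: Alice <alice@example.com>
To: registrar@registry.example
Subject: 0x1234567890abcdef1234567890abcdef12345678
Date: Mon, 01 Jan 2024 00:00:00 +0000

claim
"""

def parse_dkim_tags(value):
    """Split a DKIM-Signature header value into a dict of tag -> value."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            key, val = part.split("=", 1)
            tags[key.strip()] = re.sub(r"\s+", "", val)
    return tags

def extract_claim(raw):
    """Return (email, eth_address) when a signature's scope covers the claim."""
    msg = message_from_string(raw)
    froms = msg.get_all("From", [])
    subjects = msg.get_all("Subject", [])
    # DKIM signs repeated headers bottom-up, so duplicates make "the" value ambiguous.
    if len(froms) != 1 or len(subjects) != 1:
        raise ValueError("need exactly one From and one Subject header")
    email_addr = parseaddr(froms[0])[1].lower()
    domain = email_addr.rpartition("@")[2]
    eth = subjects[0].strip()
    if "@" not in email_addr or not ETH_ADDR.fullmatch(eth):
        raise ValueError("missing sender domain or malformed address in subject")
    for sig in msg.get_all("DKIM-Signature", []):
        tags = parse_dkim_tags(sig)
        signed = [h.strip().lower() for h in tags.get("h", "").split(":")]
        # Assumption: strict alignment (d= equals the From domain) and no l= tag.
        if (tags.get("d", "").lower() == domain and "l" not in tags
                and "from" in signed and "subject" in signed):
            return email_addr, eth.lower()
    raise ValueError("no signature binds From and Subject to the sender domain")
```

A message that passes these checks still has to have its signature verified against the domain's published DKIM key before the claim is trusted.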