Email verification protocol
21 days ago
- #privacy
- #email-verification
- #authentication
- Email verification is a common web activity to validate user email addresses and authenticate returning users.
- Traditional methods include sending verification links/codes (which can cause user drop-off) or using social logins (which require setup and user consent).
- The Email Verification Protocol allows verification without sending emails or leaving the webpage by delegating verification to an issuer.
- The protocol uses SD-JWT+KB tokens for secure, privacy-preserving email verification.
- Issuers are identified via DNS records and provide metadata for verification endpoints.
- The process involves browser mediation, token issuance, and verification without exposing user data to issuers.
- Privacy is enhanced as issuers don't learn which applications request verification.
- Future enhancements may include WebAuthn integration and alternative authentication methods.
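The following is an added example, not code from the protocol or its authors. It sketches the checks an application could run on an SD-JWT+KB presentation: issuer signature, key-binding signature, `sd_hash`, audience and nonce. It follows the general SD-JWT+KB layout (`issuer JWT~disclosures~KB-JWT`). Assumptions: HS256 with constructed keys stands in for the asymmetric signatures a real issuer and browser would use, and the `email` claim, the `cnf.kid` lookup, the `holder_keys` map and all sample values are hypothetical.

```python
import base64, hashlib, hmac, json

def b64u(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64u_dec(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def mac(body, key):
    return b64u(hmac.new(key, body.encode(), hashlib.sha256).digest())

def sign(header, payload, key):
    # Constructed HS256 signer standing in for the issuer and the browser.
    body = ".".join(b64u(json.dumps(part).encode()) for part in (header, payload))
    return body + "." + mac(body, key)

def open_jwt(jwt, key):
    # Check the signature first, then decode (header, payload).
    body, _, sig = jwt.rpartition(".")
    if not hmac.compare_digest(sig.encode(), mac(body, key).encode()):
        raise ValueError("bad signature")
    header, payload = (json.loads(b64u_dec(part)) for part in body.split("."))
    return header, payload

def verify_presentation(token, issuer_key, holder_keys, aud, nonce):
    # Return the verified email, or raise ValueError.
    *issued, kb_jwt = token.split("~")
    if not issued or not kb_jwt:
        raise ValueError("not an SD-JWT+KB")
    _, claims = open_jwt(issued[0], issuer_key)
    # cnf names the key the issuer bound the token to (kid lookup is assumed).
    holder_key = holder_keys.get(claims.get("cnf", {}).get("kid"))
    if holder_key is None:
        raise ValueError("unknown holder key")
    kb_header, kb = open_jwt(kb_jwt, holder_key)
    if kb_header.get("typ") != "kb+jwt":
        raise ValueError("wrong KB-JWT typ")
    # sd_hash covers everything before the KB-JWT, trailing "~" included.
    presented = "~".join(issued) + "~"
    if kb.get("sd_hash") != b64u(hashlib.sha256(presented.encode()).digest()):
        raise ValueError("KB-JWT bound to a different token")
    if kb.get("aud") != aud or kb.get("nonce") != nonce:
        raise ValueError("wrong audience or nonce")
    return claims["email"]

def build_demo(aud, nonce, email, issuer_key, holder_key):
    # Constructed token: issuer part with no disclosures, then the KB-JWT.
    sd_jwt = sign({"alg": "HS256"}, {"email": email, "cnf": {"kid": "browser-1"}}, issuer_key)
    kb = {"aud": aud, "nonce": nonce, "sd_hash": b64u(hashlib.sha256((sd_jwt + "~").encode()).digest())}
    return sd_jwt + "~" + sign({"alg": "HS256", "typ": "kb+jwt"}, kb, holder_key)
```

In this layout the audience and nonce appear only in the KB-JWT appended after issuance, so the issuer-signed part carries no field naming the requesting application.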