1. It's thin on detail about how it actually works. For instance, it's supposed to send an email. Based on the best documentation available (which is the JS file) there's appears to be a mozilla web service involved here which does this. How are browsers going to be able to send an email in the future, when this feature supposedly becomes integrated in the browser and the need for a JS library goes away?
3. The identity assertions are validated by mozilla's web service. I could find no information about these assertions, or how to validate them yourself. But I did find multiple pages advertising a web service capable of doing this. I'm sure this part will also be documented eventually.
IMHO there should be specification first before a prototype. (If there is a specification, why isn't it linked prominently so that I could find it.) And as to #1, I guess the solution is that website authors expose some URL which sends emails to any given email address. Sounds like spambots are going to like this.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds