> > > - The old email address never becomes available for registration again. > > That is, email -> FxA user never changes from one user to another. > > We could certainly do this, but it's not clear to me what value it would > deliver or what it would guard against. >
My reasoning: devices (and potentially services) do, or must, sometimes use the email address as a unique identifier for a user. For example, the FxA on Android is named by email. A service like Bugzilla might similarly associate an external account with an FxA by email. If a new arrival can take a vacated email address, there is a chance that they can take ownership of a service, or get consumers into a very confusing state. If there's no benefit to taking ownership of a vacated account, then I'd argue it's unnecessary risk.
_______________________________________________ Dev-fxacct mailing list Dev-fxacct@mozilla.org https://mail.mozilla.org/listinfo/dev-fxacct
