User Self Registration Security

Question:

Does someone know how one would secure a self-registration emai so that
no one but the email recipient could use the confirmation link. Assume
a scenario such as:

1 A User registers at a site and enters their email.
2 The website creates an account for the user and sends them a
confirmation email with an https link back to the website to confirm
the registration.
3 The user recieves the email, clicks on the link and the user is taken
to a web page where they finish registration.

How is the email link secured so that someone else cannot intercept the
email and register under the user's account an essentially steal there
identity.

are you asking how an email sent to a generic address can be sent securely?
And guarantee that no man-in-the-middle can intercept it and steal the account?

I'm pretty sure you can't do this with email. or at least with unencrypted email.

Its trivial if the users use PEM or PGP or GPG. Sadly, nobody uses them, and setting them up is not trivial. Sending secure email is why PEM and PGP were invented last century.

To make use of the account you'd still need to enter the password, right? Clicking the confirmation link just enables the account - it doesn't let the person do anything with it. So even if the email got intercepted, the attacker would also have had to intercept the original HTTPS traffic to know the password. That seems an unlikely scenario.

Originally posted by Roger Ball:
(..snip..)How is the email link secured so that someone else cannot intercept the email and register under the user's account an essentially steal ( an ) identity.

There is no such thing as secure email, anyone may read your email at any time with no protection by statute. See docs on PGP for a discussion of the mattter. The ONLY way to protect such is by full-house cryptographics.

In actuality there is no substantial diff between hypertext transfer and electronic mail transfer except that email is by design a store and forward system where http is a stateless browser. ( spare me, pro's - I am trying to simplifiy for clarity ) Going to email to verifiy https is tantamount to asking a stranger on the street to meet you later this evening with the keys to your house. One may not have a lot of pricey stuff in the front room, but that won't matter when you get home.....(duh)