July 25, 2003 | Category:

Digital Signatures

Simon Willison has been talking about comment authentication, even building a prototype (which seems to act a little flaky to me – but it is just a prototype). I like the idea, but it will always have trust issues and currently has a reasonably high entry barrier.

For one, you have to trust the server doing the authentication work and storage. If it is comprimised (either by the human running it or through technical means), then the whole system becomes worthless. This is obviously a big concern for such a comment authentication system, and one which is very difficult to overcome (although, I’m pretty sure Simon can be trusted).

The current implementation, however, has a high barrier entry. It requires that a person has an email address and control of a website. The former is not so much a problem, but the latter is. How many web users actually have a website? I’d imagine it’s a fairly small percentage. On this, the system severely falls down.

I’ll keep watching this one for when I eventually provide comments (hopefully not as far away as it could be).