Jeff-Relf.Me <@.> writes:
> Russ Allbery...
> Usenet could use some of your "authentication infrastructure", I suspect.
> Something like LinkedIn or Facebook, perhaps.

Yes, indeed. Distributed authentication is very hard, though. One of the
things that both netnews and email discovered is that if you don't design
the protocol for authentication in the first place, it's extremely
difficult to retrofit it in. It's also much easier to do all sorts of
authentication tricks if you centralize the service, since then part of
the system can see a global view of what's going on. Usenet doesn't offer
that.

There are interesting distributed authentication models (the PGP web of
trust and Monkeysphere built on top of it, the X.509 CA infrastructure,
and a few others), and even some ways in which you can integrate them into
Usenet (PGPMoose, which I still kind of want to write up in an
informational RFC for the record, or signcontrol, likewise, or the various
MIME standards for signed messages). But it's very difficult to change
the existing software base.

And even if you solve the distributed authentication problem, you run into
the distributed authorization problem, which is even harder.

It's a lot easier to handle this sort of thing in a workplace, where you
can make use of existing hierarchy and centralization.