Communication: Authentication Part II

The problem of authentication is basically this: how can we off-load the problem onto someone else that’s already doing authentication? I suggested last post charging credit cards using some credit card charging service that happens to verify billing addresses too (and, as Oxa pointed out in the comments, it’s fairly disenfranchising, although to be honest I don’t mind—Internet communication is already disenfranchising). Two more methods to consider are off-loading the verification to the postal service, or to the individuals.

Sending postcards to verify addresses– The recipient has to type in a random code in the postcard to verify that he got the postcard, i.e. that he’s at that address. (Oxa mentioned this, and I’ve seen it elsewhere.) I didn’t mention it because I assumed this would be too costly. Actually, that may not be so true. I’m just ballparking, but if the overhead of a credit card purchase is around 10 cents, and it costs 41 cents to mail a postcard, that’s not soooo different. But mailing a postcard has some additional overhead (printing the postcard (automagically), and manually schelpping postcards from a printer tray to an outgoing USPS mailbox). I also found a service that will verify phone number-address pairs, which is actually pretty close to what is needed — at around 40 cents per verification.

However, even these methods don’t get you all the way, because in fact we need more than address verification. We need verification or at least assurance that the person hasn’t verified before. You could limit the number of verifications per address, but there are some technical problems with that. The credit card method has the advantage that an individual can only verify as many times as the number of credit cards that he has, and that’s usually pretty limited.

There’s another route to consider, but this is a route tried before with no success as far as I’m aware. You can off-load the authentication problem to the users by creating a web of trust. User A does the work of authenticating users B, C, and D, User B authenticates E, F, and G, etc.. And then one just has to worry about how much you trust a small number of root users, rather than the whole community. But I don’t know if this has ever been a practical solution to anything.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s