Introduction to network trust establishment [interlude]

Part 1 of this series sketches out some basic structure underlying network trust establishment. I wanted to take a moment to comment on the motivating examples I've seen in the last couple of days…

As you know if you've been following this blog, we got spammed by an anonymous "commenter" this morning. Tonight, I hit the website for one of my favorite webcomics, Pinch of the Glass, only to find that the cool chatback box there had been hit for the second time by some spamming creep. Why can this happen? Why aren't identity and "login" permission enough to prevent this kind of thing?

There are several problems with identity and login as a trust mechanism. Here are four:

  1. Identity evidence is too fine-grained to manage.
  2. Current mechanisms for collecting and evaluating identity evidence are poor.
  3. Login uses persistence of past identity as evidence of current identity. This evidence is low-quality and hard to collect properly.
  4. Login alone does not provide adequate granularity of information to determine trust.