Reply to post: Re: Since google pretty much control the browser market

W3C overrules objections by Google, Mozilla to decentralized identifier spec

Michael Wojcik Silver badge

Re: Since google pretty much control the browser market

Yes, but most authentication these days happens in interactive HTTP user agents – browsers. Browsers refusing to support DID will likely slow adoption. In practice, there will be a thousand DID Javascript libraries in npm by the end of the year, only 998 of which will be either horribly insecure or actively malicious, so we'll be seeing DID support in lots of web apps; but browser resistance will still be a drag on adoption.

I haven't looked at DID closely yet, but it seems fairly stupid on casual inspection. And, of course, we already have technologies deployed for identities that aren't tied to a single vendor and can be decentralized. Those (OpenPGP keys, X.509 in non-hierarchical PKIX arrangements) are also terrible, but they're the terrible we know.

Identity is a hard problem, and "mumble mumble something plus half-assed baby Merkle graphs!" is not likely to be a good solution.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon