[timothygold]

Another issue that I thought might be pointed out with this idea is...

If you need to interact with a reputation service of some kind for every new client connecting. That would require network calls and traffic correlating to the number of new inbound requests.

So you could DDOS a website by providing requests with junk public key's causing the server to consume resources checking whether those requests are genuine.

As a defense against scrapers and bots I think the idea has some merit. It may be replacing one form of DDOS for another if there is a targeted attack against the authentication bit.