On Wed, Sep 17, 2014 at 12:54:09PM +0300, Jari Arkko wrote: > I was not personally aware of the captcha operation nor have I ever > seen it while accessing the IETF web site from various places. But > we can ask Ray to investigate if there are different, more suitable > settings. However, I?d note that being able to deal with some dos attacks > is actually a useful feature, and it is not unthinkable for the IETF > to be a target. So any defence tactic inconvenience should be weighted > against the risks and benefits. If captchas actually *were* a viable defense mechanism, then it might be reasonable to use them. But they ceased being so years ago, and are now deployed exclusively by those who either haven't been paying attention or those who studiously refuse to acknowledge reality. Some reading on this point (many of these contain links that lead to further useful material): Stanford researchers outsmart captcha codes http://www.physorg.com/news/2011-11-stanford-outsmart-captcha-codes.html CIntruder: pentesting tool to bypass captchas http://cintruder.sourceforge.net/ How a trio of hackers brought Google's reCAPTCHA to its knees http://arstechnica.com/security/2012/05/google-recaptcha-brought-to-its-knees/ Snapchat Account Registration CAPTCHA Defeated http://it.slashdot.org/story/14/01/23/2037201/snapchat-account-registration-captcha-defeated Gone in 60 seconds: Spambot cracks Live Hotmail CAPTCHA http://arstechnica.com/news.ars/post/20080415-gone-in-60-seconds-spambot-cracks-livehotmail-captcha.html Troy Hunt: Breaking CAPTCHA with automated humans http://www.troyhunt.com/2012/01/breaking-captcha-with-automated-humans.html Now Even Photo CAPTCHAs Have Been Cracked/ http://it.slashdot.org/article.pl?sid=08/10/14/1442213 Cheap CAPTCHA Solving Changes the Security Game https://freedom-to-tinker.com/blog/felten/cheap-captcha-solving-changes-security-game/ Wiseguys Indicted in $25 Million Online Ticket Ring http://www.wired.com/threatlevel/2010/03/wiseguys-indicted/ Using captchas in 2014 is the security equivalent of Wile E. Coyote holding an umbrella over his head as an enormous boulder falls toward him: it's a pointless and futile gesture with zero actual value. ---rsk