1. Captchas are worthless security theater. If a given site is not a target, then of course they're not needed. If a given site is a target, then they will be bypassed at will by any modestly-talented, modestly-resourced attacker -- either with automation, with humans, or with a combination of the two. [1] In either case, they serve only to complicate site design/operation and to make life more difficult for people who *already* are facing difficulties. 2. If the goal (or one of the goals) here is to ensure that IETF content is accessible to everyone and remains so in the face of various attacks (and what *are* those, exactly?) then one simple and robust approach is to set up static mirrors *and* to enable rsync access so that anyone who wishes to can set up their own. ---rsk [1] A few (of many) items discussing this, in no particular order: Stanford researchers outsmart captcha codes http://www.physorg.com/news/2011-11-stanford-outsmart-captcha-codes.html CIntruder: pentesting tool to bypass captchas http://cintruder.sourceforge.net/ How a trio of hackers brought Google's reCAPTCHA to its knees http://arstechnica.com/security/2012/05/google-recaptcha-brought-to-its-knees/ Snapchat Account Registration CAPTCHA Defeated http://it.slashdot.org/story/14/01/23/2037201/snapchat-account-registration-captcha-defeated Gone in 60 seconds: Spambot cracks Live Hotmail CAPTCHA http://arstechnica.com/news.ars/post/20080415-gone-in-60-seconds-spambot-cracks-livehotmail-captcha.html Troy Hunt: Breaking CAPTCHA with automated humans http://www.troyhunt.com/2012/01/breaking-captcha-with-automated-humans.html Now Even Photo CAPTCHAs Have Been Cracked http://it.slashdot.org/article.pl?sid=08/10/14/1442213 Cheap CAPTCHA Solving Changes the Security Game https://freedom-to-tinker.com/blog/felten/cheap-captcha-solving-changes-security-game/