On Tue, Mar 15, 2016 at 08:20:45AM +0000, Jari Arkko wrote: > The question: Yui: I was under the (perhaps mistaken) assumption that > ietf.org is generally accessible to everyone in the usual way, but that > some blacklisted nodes will have to go through a CAPTCHA process before > being able to continue. Is this so, or is there an experience that says > nodes are blocked and there isn?t even a possibility to go through a > CAPTCHA? Or is the problem that there is a CAPTCHA but you do not feel > that it is done in a way that is appropriate? Does all this relate to > http or https traffic? 1. Not everyone uses a web browser (with a GUI) to access every website. Some people use text-only browsers like lynx or w3m, because they have small resource requirements, small(er) attack surfaces, they conserve bandwidth, and especially for sites like the IETF's, they (should) suffice nicely. 2. Not everyone uses a web browser to access every website. Some folks use wget or curl or similar tools, either to grab individual documents of interest or perhaps to create local caches/mirrors. For people on low-bandwidth connections (or with time-limited access to high-bandwidth connections) this is an effective way to build and retain a local stash of items-of-interest. Neither of these work well with captchas, Javascript, etc. There should be *no* requirement to enable Javascript or deal with captchas (which, and see my other message upthread about this, are a laughably poor "defense" mechanism) or provide tracking data to third parties, when all someone wants to do is snag a copy of an RFC or read an email thread or otherwise avail themselves of most (if not all) IETF resources. ---rsk