On Tue, Mar 15, 2016 at 08:20:45AM +0000, Jari Arkko wrote:
The question: Yui: I was under the (perhaps mistaken) assumption that
ietf.org is generally accessible to everyone in the usual way, but that
some blacklisted nodes will have to go through a CAPTCHA process before
being able to continue. Is this so, or is there an experience that says
nodes are blocked and there isn?t even a possibility to go through a
CAPTCHA? Or is the problem that there is a CAPTCHA but you do not feel
that it is done in a way that is appropriate? Does all this relate to
http or https traffic?
1. Not everyone uses a web browser (with a GUI) to access every website.
Some people use text-only browsers like lynx or w3m, because they have
small resource requirements, small(er) attack surfaces, they conserve
bandwidth, and especially for sites like the IETF's, they (should) suffice
nicely.
2. Not everyone uses a web browser to access every website. Some folks
use wget or curl or similar tools, either to grab individual documents
of interest or perhaps to create local caches/mirrors. For people
on low-bandwidth connections (or with time-limited access to high-bandwidth
connections) this is an effective way to build and retain a local stash
of items-of-interest.
Neither of these work well with captchas, Javascript, etc.
There should be *no* requirement to enable Javascript or deal with
captchas (which, and see my other message upthread about this, are a
laughably poor "defense" mechanism) or provide tracking data to third
parties, when all someone wants to do is snag a copy of an RFC or read
an email thread or otherwise avail themselves of most (if not all) IETF
resources.
---rsk