On 15.11.2015 17:18, Peter Waher wrote: > Hello Florian > > XEP-0158 is not a good idea for Three reasons: First, CAPTCHA is no > longer deemed a secure protection against bots (see Google's reCAPTCHA). > Secondly, it doesn't solve the problem of IoT, with things not operated > by humans. Thirdly, you don't want clients to have to implement support > for other protocols, such as HTTP, to fetch images (or audio/video), > which will make the solution impractical (or even impossible) on devices > with limited Resources.
Not if the goal is to prevent mass registration of non-human users. Some captcha like mechanisms still hold strong against automated registrations. Your IoT case is different. You have non-human XMPP clients. The question now is: How to distinguish "bad" clients from "good" ones trying to register. If I where to design an approach how those clients register an account with an XMPP server, then I would simply make the client require a secret token for registration. And this can already be done with XEP-0077. Or what is your idea how it should work? - Florian
signature.asc
Description: OpenPGP digital signature