- From: Jason White <jasonw@ariel.its.unimelb.edu.au>
- Date: Tue, 12 Sep 2006 13:55:15 +1000
- To: w3c-wai-gl@w3.org
- Message-ID: <20060912035515.GA4336@jdc>
On Mon, Sep 11, 2006 at 08:57:39PM +0100, Gez Lemon wrote: > I agree it's not good enough. The guidelines shouldn't encourage the > use of something we know to be inaccessible with no hope of a > solution; particularly when robots handle the CAPTCHAs a lot better > than people - it just doesn't make sense. I agree wholeheartedly. The real solution is to use public-key infrastructure with digital signatures to authenticate the origin of communication. There are different models of public-key infrastructure suitable for different situations, including the hierarchical model and the PGP "web of trust". There are already cryptographic standards in place for e-mail and of course SSL/TLS can require a certificate as part of the authentication process. Public-key infrastructure wouldn't by itself distinguish between humans and software tools, but it would enable you to know reliably whose identity was being used, so that investigations could be carried out and the public key revoked if necessary.
Received on Tuesday, 12 September 2006 03:55:26 UTC