W3C home > Mailing lists > Public > w3c-wai-gl@w3.org > July to September 2006

Re: accessibility of CAPTCHA

From: Jason White <jasonw@ariel.its.unimelb.edu.au>
Date: Tue, 12 Sep 2006 13:55:15 +1000
To: w3c-wai-gl@w3.org
Message-ID: <20060912035515.GA4336@jdc>
On Mon, Sep 11, 2006 at 08:57:39PM +0100, Gez Lemon wrote:
 
> I agree it's not good enough. The guidelines shouldn't encourage the
> use of something we know to be inaccessible with no hope of a
> solution; particularly when robots handle the CAPTCHAs a lot better
> than people - it just doesn't make sense.
I agree wholeheartedly.

The real solution is to use public-key infrastructure with digital signatures
to authenticate the origin of communication. There are different models of
public-key infrastructure suitable for different situations, including the
hierarchical model and the PGP "web of trust". There are already cryptographic
standards in place for e-mail and of course SSL/TLS can require a certificate as
part of the authentication process.

Public-key infrastructure wouldn't by itself distinguish between humans and
software tools, but it would enable you to know reliably whose identity was
being used, so that investigations could be carried out and the public key
revoked if necessary.


Received on Tuesday, 12 September 2006 03:55:26 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 7 December 2009 10:47:46 GMT