Regarding the CAPTCHA discussion I would like to clarify one point: CAPTCHA is today used for against ballot stuffing or casual trolling/spam.
In the proposed pairing protocol, CAPTCHA (or perhaps other solutions) defeats someone who wants to disturb you by displaying a bogus pairing message on your phone. He/she won't obtain anything (footnote1). This is similar to knocking at the door of someone and running away. The attacker doesn't obtain anything (and may be identified if authentication can be required). He can do it if he wishes, but this is stupid. In our case this attack is even more stupid because the attacker also has to solve a difficult problem before disturbing someone. === Footnote1: You can push on the YES button by mistake and have your phone paired with a spammer. This could happen. (you can always avoid this problem by activating the reachable mode more carefully if you wish, it's your call. there are possibly many different usage models and user types.) However note that this a privacy solution. It helps privacy basically. Remote pairing, the proposed solution, also helps you change your phone number (for whatever reason) and stay reachable. Your friend will have to re-initiate pairing and solve again a CAPTCHA in this case before he/she can call you. pars ps: Sorry for continuing the discussion here I'm posting here because the CAPTCHA discussion started here. (I prefer moving to the list personally, if you subscribe one day :-) the number of subscribers is not enough for the moment) https://www1.ietf.org/mailman/listinfo/humanresolvers
_______________________________________________ Ietf mailing list [email protected] https://www1.ietf.org/mailman/listinfo/ietf
