Hello Florian XEP-0158 is not a good idea for Three reasons: First, CAPTCHA is no longer deemed a secure protection against bots (see Google's reCAPTCHA). Secondly, it doesn't solve the problem of IoT, with things not operated by humans. Thirdly, you don't want clients to have to implement support for other protocols, such as HTTP, to fetch images (or audio/video), which will make the solution impractical (or even impossible) on devices with limited Resources. Best regards, Peter Waher > Deprecating IBR is masking the SPAM problem but not solving it. I also > think that there is much need for an XMPP based registration mechanism. > > Why not improve and the missing pieces to IBR XEP instead of deprecating > it? It appears what IBR lacks is resistance against automated non-human > mass registrations. So why not make XEP-0158 ? 4. mandatory? > > - Florian
