mirror of
https://github.com/moparisthebest/xeps
synced 2024-11-25 02:32:18 -05:00
1.0 DRAFT
git-svn-id: file:///home/ksmith/gitmigration/svn/xmpp/trunk@2197 4b5297f7-1745-476d-ba37-a9c6900126ab
parent
0cce11fd49
commit
cde876944e
136
xep-0158.xml
@ -10,7 +10,7 @@
|
|||||||
<abstract>This document specifies an XMPP protocol extension that entities may use to discover whether the sender of an XML stanza is a human user or a robot.</abstract>
|
<abstract>This document specifies an XMPP protocol extension that entities may use to discover whether the sender of an XML stanza is a human user or a robot.</abstract>
|
||||||
&LEGALNOTICE;
|
&LEGALNOTICE;
|
||||||
<number>0158</number>
|
<number>0158</number>
|
||||||
<status>Proposed</status>
|
<status>Draft</status>
|
||||||
<type>Standards Track</type>
|
<type>Standards Track</type>
|
||||||
<sig>Standards</sig>
|
<sig>Standards</sig>
|
||||||
<dependencies>
|
<dependencies>
|
||||||
@ -22,9 +22,18 @@
|
|||||||
</dependencies>
|
</dependencies>
|
||||||
<supersedes>None</supersedes>
|
<supersedes>None</supersedes>
|
||||||
<supersededby>None</supersededby>
|
<supersededby>None</supersededby>
|
||||||
<shortname>NOT_YET_ASSIGNED</shortname>
|
<shortname>captcha</shortname>
|
||||||
|
<schemaloc>
|
||||||
|
<url>http://www.xmpp.org/schemas/captcha.xsd</url>
|
||||||
|
</schemaloc>
|
||||||
&ianpaterson;
|
&ianpaterson;
|
||||||
&stpeter;
|
&stpeter;
|
||||||
|
<revision>
|
||||||
|
<version>1.0</version>
|
||||||
|
<date>2008-09-03</date>
|
||||||
|
<initials>psa</initials>
|
||||||
|
<remark><p>Per a vote of the XMPP Council, advanced status to Draft; concurrently, the XMPP Registrar issued the urn:xmpp:captcha namespace; also changed element name from challenge to captcha to match the namespace name.</p></remark>
|
||||||
|
</revision>
|
||||||
<revision>
|
<revision>
|
||||||
<version>0.11</version>
|
<version>0.11</version>
|
||||||
<date>2008-08-06</date>
|
<date>2008-08-06</date>
|
||||||
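Review bot: The 1.0 revision remark omits two changes this commit makes besides the namespace issuance and the challenge-to-captcha element rename. The media element namespace moves from urn:xmpp:tmp:media-element to urn:xmpp:media-element in every example, and rule 11 of the challenge stanza rules changes "contains media (and/or a pointer to media)" to "contains a pointer to media". The second alters what a CAPTCHA field may carry, so it should be named in the remark rather than left for implementers to find in the diff.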
@ -137,16 +146,16 @@
|
|||||||
<p>The challange stanza consists of an XMPP &MESSAGE; stanza containing a data form for the sender to fill out, formatted according to &xep0004;, optionally along with a &BODY; and other elements. The following rules apply to the challenge stanza.</p>
|
<p>The challange stanza consists of an XMPP &MESSAGE; stanza containing a data form for the sender to fill out, formatted according to &xep0004;, optionally along with a &BODY; and other elements. The following rules apply to the challenge stanza.</p>
|
||||||
<ol>
|
<ol>
|
||||||
<li>The challenge stanza MUST include an 'id' attribute set to the challenge ID (i.e., a unique identifier for this challenge within the challenger's application).</li>
|
<li>The challenge stanza MUST include an 'id' attribute set to the challenge ID (i.e., a unique identifier for this challenge within the challenger's application).</li>
|
||||||
<li>The challenge stanza SHOULD include a &BODY; element that provides an explanation of the challenge for clients that do not yet support challenge forms.</li>
|
<li>The challenge stanza SHOULD include a &BODY; element that provides an explanation of the challenge for clients that do not yet support CAPTCHA forms.</li>
|
||||||
<li>The challenge stanza MAY include a URL (typically a Web page with instructions) using &xep0066; as an alternative for clients that do not yet support challenge forms.</li>
|
<li>The challenge stanza MAY include a URL (typically a Web page with instructions) using &xep0066; as an alternative for clients that do not yet support CAPTCHA forms.</li>
|
||||||
<li>The 'xml:lang' attribute of the challenge stanza SHOULD be the same as the one received from the sender, if any.</li>
|
<li>The 'xml:lang' attribute of the challenge stanza SHOULD be the same as the one received from the sender, if any.</li>
|
||||||
<li>The challenge stanza MUST include a challenge form, i.e., a data form of type "form" containing one or more challenges. <note>Inclusion of a challenge form not only makes it possible to flexibly support or require a large number of challenge types, but also enables constrained clients to respond to challenges (e.g., mobile phone clients that cannot present web pages, or clients on XMPP-only networks).</note></li>
|
<li>The challenge stanza MUST include a CAPTCHA form, i.e., a data form of type "form" containing one or more challenges. <note>Inclusion of a CAPTCHA form not only makes it possible to flexibly support or require a large number of challenge types, but also enables constrained clients to respond to challenges (e.g., mobile phone clients that cannot present web pages, or clients on XMPP-only networks).</note></li>
|
||||||
<li>The challenge form MUST include a hidden field named "FORM_TYPE" (in accordance with &xep0068;) whose value MUST be "urn:xmpp:tmp:challenge" &NSNOTE;.</li>
|
<li>The CAPTCHA form MUST include a hidden field named "FORM_TYPE" (in accordance with &xep0068;) whose value MUST be "urn:xmpp:captcha".</li>
|
||||||
<li>The challenge form MUST include a hidden field named "cid" set to the challenge ID.</li>
|
<li>The CAPTCHA form MUST include a hidden field named "cid" set to the challenge ID.</li>
|
||||||
<li>The challenge form MUST include a hidden field named "from" set to the value of the 'to' attribute from the triggering stanza.</li>
|
<li>The CAPTCHA form MUST include a hidden field named "from" set to the value of the 'to' attribute from the triggering stanza.</li>
|
||||||
<li>If the triggering stanza included an 'id' attribute, then the challenge form MUST include a hidden field named "sid" set to that value.</li>
|
<li>If the triggering stanza included an 'id' attribute, then the CAPTCHA form MUST include a hidden field named "sid" set to that value.</li>
|
||||||
<li>Each of the challenge form's non-hidden <field/> elements MAY contain a different challenge.</li>
|
<li>Each of the CAPTCHA form's non-hidden <field/> elements MAY contain a different challenge.</li>
|
||||||
<li>Each challenge field MAY contain a media element (see &xep0221;) that in turn contains media (and/or a pointer to media) that the sender shall use in solving puzzles, performing optical character recognition, identifying audio or video samples, etc. When the sender replies to a media element via a data form of type "submit", the field type SHOULD be "text-single" (which is the default for data form fields) but MAY in turn include a media element if acceptable to the challenger application.</li>
|
<li>Each CAPTCHA field MAY contain a media element (see &xep0221;) that in turn contains a pointer to media that the sender shall use in solving puzzles, performing optical character recognition, identifying audio or video samples, etc. When the sender replies to a media element via a data form of type "submit", the field type SHOULD be "text-single" (which is the default for data form fields) but MAY in turn include a media element if acceptable to the challenger application.</li>
|
||||||
</ol>
|
</ol>
|
||||||
<example caption='Challenger Offers a Choice of Challenges to Sender'><![CDATA[
|
<example caption='Challenger Offers a Choice of Challenges to Sender'><![CDATA[
|
||||||
<message from='victim.com'
|
<message from='victim.com'
|
||||||
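Review bot: Rule 7 still requires a hidden field named "cid", but the examples updated in this same commit carry the challenge ID in a hidden field with var='challenge' (for instance the value F3A6292C in the first challenge example). An implementer following the rule text and one following the examples will not interoperate on the field a challenger uses to correlate a response. Since the line is being edited anyway for the CAPTCHA form wording, settle on one name here and make the examples agree. The opening paragraph of this hunk also still reads "challange stanza"; that typo is worth fixing before the document goes to Draft.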
@ -160,16 +169,16 @@
|
|||||||
<x xmlns='jabber:x:oob'>
|
<x xmlns='jabber:x:oob'>
|
||||||
<url>http://www.victim.com/challenge.html?F3A6292C</url>
|
<url>http://www.victim.com/challenge.html?F3A6292C</url>
|
||||||
</x>
|
</x>
|
||||||
<challenge xmlns='urn:xmpp:tmp:challenge'>
|
<captcha xmlns='urn:xmpp:captcha'>
|
||||||
<x xmlns='jabber:x:data' type='form'>
|
<x xmlns='jabber:x:data' type='form'>
|
||||||
<field type='hidden' var='FORM_TYPE'>
|
<field type='hidden' var='FORM_TYPE'>
|
||||||
<value>urn:xmpp:tmp:challenge</value>
|
<value>urn:xmpp:captcha</value>
|
||||||
</field>
|
</field>
|
||||||
<field type='hidden' var='from'><value>innocent@victim.com</value></field>
|
<field type='hidden' var='from'><value>innocent@victim.com</value></field>
|
||||||
<field type='hidden' var='challenge'><value>F3A6292C</value></field>
|
<field type='hidden' var='challenge'><value>F3A6292C</value></field>
|
||||||
<field type='hidden' var='sid'><value>spam1</value></field>
|
<field type='hidden' var='sid'><value>spam1</value></field>
|
||||||
<field var='ocr' label='Enter the text you see'>
|
<field var='ocr' label='Enter the text you see'>
|
||||||
<media xmlns='urn:xmpp:tmp:media-element'
|
<media xmlns='urn:xmpp:media-element'
|
||||||
height='80'
|
height='80'
|
||||||
width='290'>
|
width='290'>
|
||||||
<uri type='image/jpeg'>
|
<uri type='image/jpeg'>
|
||||||
@ -181,7 +190,7 @@
|
|||||||
</media>
|
</media>
|
||||||
</field>
|
</field>
|
||||||
<field var='picture_recog' label='Identify the picture'>
|
<field var='picture_recog' label='Identify the picture'>
|
||||||
<media xmlns='urn:xmpp:tmp:media-element'
|
<media xmlns='urn:xmpp:media-element'
|
||||||
height='150'
|
height='150'
|
||||||
width='150'>
|
width='150'>
|
||||||
<uri type='image/jpeg'>
|
<uri type='image/jpeg'>
|
||||||
@ -193,7 +202,7 @@
|
|||||||
</media>
|
</media>
|
||||||
</field>
|
</field>
|
||||||
<field var='speech_recog' label='Enter the words you hear'>
|
<field var='speech_recog' label='Enter the words you hear'>
|
||||||
<media xmlns='urn:xmpp:tmp:media-element'>
|
<media xmlns='urn:xmpp:media-element'>
|
||||||
<uri type='audio/x-wav'>
|
<uri type='audio/x-wav'>
|
||||||
http://www.victim.com/challenges/speech.wav?F3A6292C
|
http://www.victim.com/challenges/speech.wav?F3A6292C
|
||||||
</uri>
|
</uri>
|
||||||
@ -203,7 +212,7 @@
|
|||||||
</media>
|
</media>
|
||||||
</field>
|
</field>
|
||||||
<field var='video_recog' label='Identity the video'>
|
<field var='video_recog' label='Identity the video'>
|
||||||
<media xmlns='urn:xmpp:tmp:media-element'
|
<media xmlns='urn:xmpp:media-element'
|
||||||
height='150'
|
height='150'
|
||||||
width='150'>
|
width='150'>
|
||||||
<uri type='video/mpeg'>
|
<uri type='video/mpeg'>
|
||||||
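Review bot: The label on the video_recog field reads 'Identity the video' and should be 'Identify the video', matching 'Identify the picture' on the picture_recog field. The line is unchanged context in this hunk, but the same label appears again in the later example for friendly-chat@muc.victim.com, so both copies can be corrected in this pass over the examples.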
@ -214,7 +223,7 @@
|
|||||||
<field label='Type the color of a stop light' type='text-single' var='qa'/>
|
<field label='Type the color of a stop light' type='text-single' var='qa'/>
|
||||||
<field label='93C7A' type='text-single' var='SHA-256'/>
|
<field label='93C7A' type='text-single' var='SHA-256'/>
|
||||||
</x>
|
</x>
|
||||||
</challenge>
|
</captcha>
|
||||||
</message>
|
</message>
|
||||||
]]></example>
|
]]></example>
|
||||||
<p>The sender then would retrieve the media data via HTTP or (for the cid: URIs) via XMPP as described in &xep0231;.</p>
|
<p>The sender then would retrieve the media data via HTTP or (for the cid: URIs) via XMPP as described in &xep0231;.</p>
|
||||||
@ -226,9 +235,9 @@
|
|||||||
<li>If it has not recently sent (e.g., in the last two minutes) a stanza to the JID specified in the 'from' field of the form with the 'id' specified in the 'sid' field (or with no 'id' if no 'sid' field is included). <note>Otherwise the user's presence would be disclosed, or a robot might dupe the user into providing answers to other people's challenges!</note></li>
|
<li>If it has not recently sent (e.g., in the last two minutes) a stanza to the JID specified in the 'from' field of the form with the 'id' specified in the 'sid' field (or with no 'id' if no 'sid' field is included). <note>Otherwise the user's presence would be disclosed, or a robot might dupe the user into providing answers to other people's challenges!</note></li>
|
||||||
<li>If the 'from' attribute of the challenge stanza does not match the 'from' field of the form. (If the values are different, then they still match if the bare JIDs are the same, or if the 'from' attribute is the domain of the other JID.)</li>
|
<li>If the 'from' attribute of the challenge stanza does not match the 'from' field of the form. (If the values are different, then they still match if the bare JIDs are the same, or if the 'from' attribute is the domain of the other JID.)</li>
|
||||||
</ul>
|
</ul>
|
||||||
<p>Otherwise, if the challenger provided a URL using <cite>Out-of-Band Data</cite>, then the sender's client MAY present the URL to the sender, instead of responding to the challenge form, in any of the following cases:</p>
|
<p>Otherwise, if the challenger provided a URL using <cite>Out-of-Band Data</cite>, then the sender's client MAY present the URL to the sender, instead of responding to the CAPTCHA form, in any of the following cases:</p>
|
||||||
<ul>
|
<ul>
|
||||||
<li>if it does not understand the challenge form</li>
|
<li>if it does not understand the CAPTCHA form</li>
|
||||||
<li>if it does not support all of the <em>required</em> challenges (see <link url='#protocol-multiple'>Multiple Challenges</link>)</li>
|
<li>if it does not support all of the <em>required</em> challenges (see <link url='#protocol-multiple'>Multiple Challenges</link>)</li>
|
||||||
<li>if it does not support enough of the challenges (see <link url='#protocol-multiple'>Multiple Challenges</link>)</li>
|
<li>if it does not support enough of the challenges (see <link url='#protocol-multiple'>Multiple Challenges</link>)</li>
|
||||||
</ul>
|
</ul>
|
||||||
@ -257,17 +266,17 @@
|
|||||||
to='victim.com'
|
to='victim.com'
|
||||||
xml:lang='en'
|
xml:lang='en'
|
||||||
id='z140r0s'>
|
id='z140r0s'>
|
||||||
<challenge xmlns='urn:xmpp:tmp:challenge'>
|
<captcha xmlns='urn:xmpp:captcha'>
|
||||||
<x xmlns='jabber:x:data' type='submit'>
|
<x xmlns='jabber:x:data' type='submit'>
|
||||||
<field var='FORM_TYPE'>
|
<field var='FORM_TYPE'>
|
||||||
<value>urn:xmpp:tmp:challenge</value>
|
<value>urn:xmpp:captcha</value>
|
||||||
</field>
|
</field>
|
||||||
<field var='from'><value>innocent@victim.com</value></field>
|
<field var='from'><value>innocent@victim.com</value></field>
|
||||||
<field var='challenge'><value>F3A6292C</value></field>
|
<field var='challenge'><value>F3A6292C</value></field>
|
||||||
<field var='sid'><value>spam1</value></field>
|
<field var='sid'><value>spam1</value></field>
|
||||||
<field var='ocr'><value>7nHL3</value></field>
|
<field var='ocr'><value>7nHL3</value></field>
|
||||||
</x>
|
</x>
|
||||||
</challenge>
|
</captcha>
|
||||||
</iq>
|
</iq>
|
||||||
]]></example>
|
]]></example>
|
||||||
</section3>
|
</section3>
|
||||||
@ -319,17 +328,17 @@
|
|||||||
id='73DE28A2'>
|
id='73DE28A2'>
|
||||||
<body>Your messages to innocent@victim.com are being blocked.
|
<body>Your messages to innocent@victim.com are being blocked.
|
||||||
To unblock them, ask innocent@victim.com to send you a message.</body>
|
To unblock them, ask innocent@victim.com to send you a message.</body>
|
||||||
<challenge xmlns='urn:xmpp:tmp:challenge'>
|
<captcha xmlns='urn:xmpp:captcha'>
|
||||||
<x xmlns='jabber:x:data' type='form'>
|
<x xmlns='jabber:x:data' type='form'>
|
||||||
<field type='hidden' var='FORM_TYPE'>
|
<field type='hidden' var='FORM_TYPE'>
|
||||||
<value>urn:xmpp:tmp:challenge</value>
|
<value>urn:xmpp:captcha</value>
|
||||||
</field>
|
</field>
|
||||||
<field type='hidden' var='from'><value>innocent@victim.com</value></field>
|
<field type='hidden' var='from'><value>innocent@victim.com</value></field>
|
||||||
<field type='hidden' var='challenge'><value>73DE28A2</value></field>
|
<field type='hidden' var='challenge'><value>73DE28A2</value></field>
|
||||||
<field type='hidden' var='sid'><value>spam2</value></field>
|
<field type='hidden' var='sid'><value>spam2</value></field>
|
||||||
<field type='hidden' var='answers'><value>2</value></field>
|
<field type='hidden' var='answers'><value>2</value></field>
|
||||||
<field var='ocr' label='Enter the text you see'>
|
<field var='ocr' label='Enter the text you see'>
|
||||||
<media xmlns='urn:xmpp:tmp:media-element'
|
<media xmlns='urn:xmpp:media-element'
|
||||||
height='80'
|
height='80'
|
||||||
width='290'>
|
width='290'>
|
||||||
<uri type='image/jpeg'>
|
<uri type='image/jpeg'>
|
||||||
@ -341,7 +350,7 @@
|
|||||||
</media>
|
</media>
|
||||||
</field>
|
</field>
|
||||||
<field var='audio_recog' label='Describe the sound you hear'>
|
<field var='audio_recog' label='Describe the sound you hear'>
|
||||||
<media xmlns='urn:xmpp:tmp:media-element'>
|
<media xmlns='urn:xmpp:media-element'>
|
||||||
<uri type='audio/x-wav'>
|
<uri type='audio/x-wav'>
|
||||||
http://www.victim.com/challenges/audio.wav?F3A6292C
|
http://www.victim.com/challenges/audio.wav?F3A6292C
|
||||||
</uri>
|
</uri>
|
||||||
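Review bot: The audio_recog media URI ends in ?F3A6292C, while this example's stanza id and hidden challenge field are both 73DE28A2. F3A6292C is the challenge ID of the earlier example, so this looks like a copy-paste leftover. If the query string is meant to tie the media fetch to the challenge, it should read audio.wav?73DE28A2; if it is meant to be independent of the challenge ID, a sentence saying so would prevent implementers from assuming the two must match.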
@ -352,7 +361,7 @@
|
|||||||
</field>
|
</field>
|
||||||
<field label='e03d7' type='text-single' var='SHA-256'/>
|
<field label='e03d7' type='text-single' var='SHA-256'/>
|
||||||
</x>
|
</x>
|
||||||
</challenge>
|
</captcha>
|
||||||
</message>
|
</message>
|
||||||
]]></example>
|
]]></example>
|
||||||
|
|
||||||
@ -363,10 +372,10 @@
|
|||||||
to='victim.com'
|
to='victim.com'
|
||||||
xml:lang='en'
|
xml:lang='en'
|
||||||
id='73DE28A2'>
|
id='73DE28A2'>
|
||||||
<challenge xmlns='urn:xmpp:tmp:challenge'>
|
<captcha xmlns='urn:xmpp:captcha'>
|
||||||
<x xmlns='jabber:x:data' type='submit'>
|
<x xmlns='jabber:x:data' type='submit'>
|
||||||
<field var='FORM_TYPE'>
|
<field var='FORM_TYPE'>
|
||||||
<value>urn:xmpp:tmp:challenge</value>
|
<value>urn:xmpp:captcha</value>
|
||||||
</field>
|
</field>
|
||||||
<field var='from'><value>innocent@victim.com</value></field>
|
<field var='from'><value>innocent@victim.com</value></field>
|
||||||
<field var='challenge'><value>73DE28A2</value></field>
|
<field var='challenge'><value>73DE28A2</value></field>
|
||||||
@ -375,7 +384,7 @@
|
|||||||
<field var='qa'><value>red</value></field>
|
<field var='qa'><value>red</value></field>
|
||||||
<field var='SHA-256'><value>innocent@victim.com2450F06C173B05E3</value></field>
|
<field var='SHA-256'><value>innocent@victim.com2450F06C173B05E3</value></field>
|
||||||
</x>
|
</x>
|
||||||
</challenge>
|
</captcha>
|
||||||
</iq>
|
</iq>
|
||||||
]]></example>
|
]]></example>
|
||||||
<p>The challenger MAY decide the sender has passed a challenge even if the responses are not all perfectly correct.</p>
|
<p>The challenger MAY decide the sender has passed a challenge even if the responses are not all perfectly correct.</p>
|
||||||
@ -390,19 +399,19 @@
|
|||||||
<query xmlns='jabber:iq:register'/>
|
<query xmlns='jabber:iq:register'/>
|
||||||
</iq>
|
</iq>
|
||||||
]]></example>
|
]]></example>
|
||||||
<p>Note that the challenge form MUST be inside the &QUERY; element, and the server's challenge ID is specified within the form:</p>
|
<p>Note that the CAPTCHA form MUST be inside the &QUERY; element, and the server's challenge ID is specified within the form:</p>
|
||||||
<example caption='Host Returns Registration and Challenge Fields to Entity'><![CDATA[
|
<example caption='Host Returns Registration and Challenge Fields to Entity'><![CDATA[
|
||||||
<iq type='result' xml:lang='en' id='reg1'>
|
<iq type='result' xml:lang='en' id='reg1'>
|
||||||
<query xmlns='jabber:iq:register'>
|
<query xmlns='jabber:iq:register'>
|
||||||
<x xmlns='jabber:x:data' type='form'>
|
<x xmlns='jabber:x:data' type='form'>
|
||||||
<field type='hidden' var='FORM_TYPE'>
|
<field type='hidden' var='FORM_TYPE'>
|
||||||
<value>urn:xmpp:tmp:challenge</value>
|
<value>urn:xmpp:captcha</value>
|
||||||
</field>
|
</field>
|
||||||
<field type='hidden' var='challenge'><value>F3A6292C</value></field>
|
<field type='hidden' var='challenge'><value>F3A6292C</value></field>
|
||||||
<field type='hidden' var='sid'><value>reg1</value></field>
|
<field type='hidden' var='sid'><value>reg1</value></field>
|
||||||
<field type='hidden' var='answers'><value>3</value></field>
|
<field type='hidden' var='answers'><value>3</value></field>
|
||||||
<field var='ocr' label='Enter the text you see'>
|
<field var='ocr' label='Enter the text you see'>
|
||||||
<media xmlns='urn:xmpp:tmp:media-element'
|
<media xmlns='urn:xmpp:media-element'
|
||||||
height='80'
|
height='80'
|
||||||
width='290'>
|
width='290'>
|
||||||
<uri type='image/jpeg'>
|
<uri type='image/jpeg'>
|
||||||
@ -433,7 +442,7 @@
|
|||||||
<query xmlns='jabber:iq:register'>
|
<query xmlns='jabber:iq:register'>
|
||||||
<x xmlns='jabber:x:data' type='result'>
|
<x xmlns='jabber:x:data' type='result'>
|
||||||
<field var='FORM_TYPE'>
|
<field var='FORM_TYPE'>
|
||||||
<value>urn:xmpp:tmp:challenge</value>
|
<value>urn:xmpp:captcha</value>
|
||||||
</field>
|
</field>
|
||||||
<field var='challenge'><value>F3A6292C</value></field>
|
<field var='challenge'><value>F3A6292C</value></field>
|
||||||
<field var='sid'><value>reg1</value></field>
|
<field var='sid'><value>reg1</value></field>
|
||||||
@ -464,15 +473,15 @@
|
|||||||
<x xmlns='jabber:x:oob'>
|
<x xmlns='jabber:x:oob'>
|
||||||
<url>http://www.victim.com/challenge.html?A4C7303D</url>
|
<url>http://www.victim.com/challenge.html?A4C7303D</url>
|
||||||
</x>
|
</x>
|
||||||
<challenge xmlns='urn:xmpp:tmp:challenge'>
|
<captcha xmlns='urn:xmpp:captcha'>
|
||||||
<x xmlns='jabber:x:data' type='form'>
|
<x xmlns='jabber:x:data' type='form'>
|
||||||
<field type='hidden' var='FORM_TYPE'>
|
<field type='hidden' var='FORM_TYPE'>
|
||||||
<value>urn:xmpp:tmp:challenge</value>
|
<value>urn:xmpp:captcha</value>
|
||||||
</field>
|
</field>
|
||||||
<field type='hidden' var='from'><value>friendly-chat@muc.victim.com</value></field>
|
<field type='hidden' var='from'><value>friendly-chat@muc.victim.com</value></field>
|
||||||
<field type='hidden' var='challenge'><value>A4C7303D</value></field>
|
<field type='hidden' var='challenge'><value>A4C7303D</value></field>
|
||||||
<field var='ocr' label='Enter the text you see'>
|
<field var='ocr' label='Enter the text you see'>
|
||||||
<media xmlns='urn:xmpp:tmp:media-element'
|
<media xmlns='urn:xmpp:media-element'
|
||||||
height='80'
|
height='80'
|
||||||
width='290'>
|
width='290'>
|
||||||
<uri type='image/jpeg'>
|
<uri type='image/jpeg'>
|
||||||
@ -481,7 +490,7 @@
|
|||||||
</media>
|
</media>
|
||||||
</field>
|
</field>
|
||||||
<field var='picture_recog' label='Identify the picture'>
|
<field var='picture_recog' label='Identify the picture'>
|
||||||
<media xmlns='urn:xmpp:tmp:media-element'
|
<media xmlns='urn:xmpp:media-element'
|
||||||
height='150'
|
height='150'
|
||||||
width='150'>
|
width='150'>
|
||||||
<uri type='image/jpeg'>
|
<uri type='image/jpeg'>
|
||||||
@ -493,7 +502,7 @@
|
|||||||
</media>
|
</media>
|
||||||
</field>
|
</field>
|
||||||
<field var='speech_recog' label='Enter the words you hear'>
|
<field var='speech_recog' label='Enter the words you hear'>
|
||||||
<media xmlns='urn:xmpp:tmp:media-element'>
|
<media xmlns='urn:xmpp:media-element'>
|
||||||
<uri type='audio/x-wav'>
|
<uri type='audio/x-wav'>
|
||||||
http://www.victim.com/challenges/speech.wav?A4C7303D
|
http://www.victim.com/challenges/speech.wav?A4C7303D
|
||||||
</uri>
|
</uri>
|
||||||
@ -503,7 +512,7 @@
|
|||||||
</media>
|
</media>
|
||||||
</field>
|
</field>
|
||||||
<field var='video_recog' label='Identity the video'>
|
<field var='video_recog' label='Identity the video'>
|
||||||
<media xmlns='urn:xmpp:tmp:media-element'
|
<media xmlns='urn:xmpp:media-element'
|
||||||
height='150'
|
height='150'
|
||||||
width='150'>
|
width='150'>
|
||||||
<uri type='video/mpeg'>
|
<uri type='video/mpeg'>
|
||||||
@ -514,7 +523,7 @@
|
|||||||
<field label='Type the color of a stop light' type='text-single' var='qa'/>
|
<field label='Type the color of a stop light' type='text-single' var='qa'/>
|
||||||
<field label='93C7A' type='text-single' var='SHA-256'/>
|
<field label='93C7A' type='text-single' var='SHA-256'/>
|
||||||
</x>
|
</x>
|
||||||
</challenge>
|
</captcha>
|
||||||
</message>
|
</message>
|
||||||
]]></example>
|
]]></example>
|
||||||
</section1>
|
</section1>
|
||||||
@ -616,10 +625,10 @@
|
|||||||
</section1>
|
</section1>
|
||||||
|
|
||||||
<section1 topic='Question and Answer for Legacy Clients' anchor='legacy'>
|
<section1 topic='Question and Answer for Legacy Clients' anchor='legacy'>
|
||||||
<p>A challenger MAY provide a text question in the &BODY; element of a challenge stanza for clients that do not support challenge forms. Entities that cannot serve <cite>Out-of-Band Data</cite> URLs MAY use this option to challenge legacy clients.</p>
|
<p>A challenger MAY provide a text question in the &BODY; element of a challenge stanza for clients that do not support CAPTCHA forms. Entities that cannot serve <cite>Out-of-Band Data</cite> URLs MAY use this option to challenge legacy clients.</p>
|
||||||
<!-- It also allows entities to provide a challenge for minimal legacy clients that do not support <cite>Out-of-Band Data</cite> URLs (these don't exist). -->
|
<!-- It also allows entities to provide a challenge for minimal legacy clients that do not support <cite>Out-of-Band Data</cite> URLs (these don't exist). -->
|
||||||
<p>Note: Robots always attempt the easiest challenge they are offered. So the question MUST be at least as difficult for a robot as the challenge form.</p>
|
<p>Note: Robots always attempt the easiest challenge they are offered. So the question MUST be at least as difficult for a robot as the CAPTCHA form.</p>
|
||||||
<p>Note: Even if it provides a text question in the &BODY; element, a challenger MUST always provide a challenge form.</p>
|
<p>Note: Even if it provides a text question in the &BODY; element, a challenger MUST always provide a CAPTCHA form.</p>
|
||||||
<example caption='Challenger Includes a Legacy Challenge'><![CDATA[
|
<example caption='Challenger Includes a Legacy Challenge'><![CDATA[
|
||||||
<message from='innocent@victim.com/pda'
|
<message from='innocent@victim.com/pda'
|
||||||
to='robot@abuser.com/zombie'
|
to='robot@abuser.com/zombie'
|
||||||
@ -627,10 +636,10 @@
|
|||||||
id='F3A6292C'>
|
id='F3A6292C'>
|
||||||
<body>Your messages to me are being blocked. To unblock them,
|
<body>Your messages to me are being blocked. To unblock them,
|
||||||
reply with the color of a stop light followed by 'F3A6292C'.</body>
|
reply with the color of a stop light followed by 'F3A6292C'.</body>
|
||||||
<challenge xmlns='urn:xmpp:tmp:challenge'>
|
<captcha xmlns='urn:xmpp:captcha'>
|
||||||
<x xmlns='jabber:x:data' type='form'>
|
<x xmlns='jabber:x:data' type='form'>
|
||||||
<field type='hidden' var='FORM_TYPE'>
|
<field type='hidden' var='FORM_TYPE'>
|
||||||
<value>urn:xmpp:tmp:challenge</value>
|
<value>urn:xmpp:captcha</value>
|
||||||
</field>
|
</field>
|
||||||
<field type='hidden' var='from'><value>innocent@victim.com</value></field>
|
<field type='hidden' var='from'><value>innocent@victim.com</value></field>
|
||||||
<field type='hidden' var='challenge'><value>F3A6292C</value></field>
|
<field type='hidden' var='challenge'><value>F3A6292C</value></field>
|
||||||
@ -638,7 +647,7 @@
|
|||||||
<field label='Type the color of a stop light' type='text-single' var='qa'/>
|
<field label='Type the color of a stop light' type='text-single' var='qa'/>
|
||||||
<field label='93C7A' type='text-single' var='SHA-256'/>
|
<field label='93C7A' type='text-single' var='SHA-256'/>
|
||||||
</x>
|
</x>
|
||||||
</challenge>
|
</captcha>
|
||||||
</message>
|
</message>
|
||||||
]]></example>
|
]]></example>
|
||||||
<p>Legacy clients respond to the challenger using a &MESSAGE; stanza (not an &IQ;).</p>
|
<p>Legacy clients respond to the challenger using a &MESSAGE; stanza (not an &IQ;).</p>
|
||||||
@ -685,7 +694,7 @@
|
|||||||
</section1>
|
</section1>
|
||||||
|
|
||||||
<section1 topic='Security Considerations' anchor='sec'>
|
<section1 topic='Security Considerations' anchor='sec'>
|
||||||
<p>The use of robot challenges is not a panacea, and should be combined with other anti-abuse mechanisms, such as those described in <cite>XEP-0161</cite> and <cite>XEP-0205</cite>. For example, the task of finding solutions to CAPTCHAs and other computational puzzles is becoming easier for computer programs, and in any case can be farmed out to third parties. Therefore challengers should limit the number of triggering stanzas (e.g., registration attempts, subscription requests, or chatroom joins) allowed per JabberID or IP address during any given time period, and may simply refuse repeated stanzas by terminating an XML stream with a &policy; stream error or returning a ¬acceptable; stanza error as appropriate. In addition, a challenger should feel free to deploy additional anti-abuse mechanisms as needed.</p>
|
<p>The use of CAPTCHAs is not a panacea, and should be combined with other anti-abuse mechanisms, such as those described in <cite>XEP-0161</cite> and <cite>XEP-0205</cite>. For example, the task of finding solutions to CAPTCHAs and other computational puzzles is becoming easier for computer programs, and in any case can be farmed out to third parties. Therefore challengers should limit the number of triggering stanzas (e.g., registration attempts, subscription requests, or chatroom joins) allowed per JabberID or IP address during any given time period, and may simply refuse repeated stanzas by terminating an XML stream with a &policy; stream error or returning a ¬acceptable; stanza error as appropriate. In addition, a challenger should feel free to deploy additional anti-abuse mechanisms as needed.</p>
|
||||||
</section1>
|
</section1>
|
||||||
|
|
||||||
<section1 topic='IANA Considerations' anchor='iana'>
|
<section1 topic='IANA Considerations' anchor='iana'>
|
||||||
@ -694,16 +703,16 @@
|
|||||||
|
|
||||||
<section1 topic='XMPP Registrar Considerations' anchor='registrar'>
|
<section1 topic='XMPP Registrar Considerations' anchor='registrar'>
|
||||||
<section2 topic='Protocol Namespaces' anchor='ns'>
|
<section2 topic='Protocol Namespaces' anchor='ns'>
|
||||||
<p>Until this specification advances to a status of Draft, its associated namespace shall be "http://www.xmpp.org/extensions/xep-00158.html#ns"; upon advancement of this specification, the ®ISTRAR; shall issue a permanent namespace in accordance with the process defined in Section 4 of &xep0053;.</p>
|
<p>The ®ISTRAR; includes "urn:xmpp:captcha" in its registry of protocol namespaces (see &NAMESPACES;).</p>
|
||||||
</section2>
|
</section2>
|
||||||
<section2 topic='Field Standardization' anchor='registrar-formtypes'>
|
<section2 topic='Field Standardization' anchor='registrar-formtypes'>
|
||||||
<section3 topic='challenge FORM_TYPE' anchor='registrar-formtypes-challenge'>
|
<section3 topic='CAPTCHA FORM_TYPE' anchor='registrar-formtypes-captcha'>
|
||||||
<p>Upon approval of this document, the <cite>XMPP Registrar</cite> shall register the following new FORM_TYPE. Additional fields will be defined in future submissions.</p>
|
<p>The <cite>XMPP Registrar</cite> registers following FORM_TYPE. Additional fields might be defined in future submissions.</p>
|
||||||
<code><![CDATA[
|
<code><![CDATA[
|
||||||
<form_type>
|
<form_type>
|
||||||
<name>urn:xmpp:tmp:challenge</name>
|
<name>urn:xmpp:captcha</name>
|
||||||
<doc>XEP-0158</doc>
|
<doc>XEP-0158</doc>
|
||||||
<desc>forms enabling robot challenges</desc>
|
<desc>Forms enabling the use of CAPTCHAs.</desc>
|
||||||
<field
|
<field
|
||||||
var='answers'
|
var='answers'
|
||||||
type='hidden'
|
type='hidden'
|
||||||
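Review bot: Renaming the section anchor from 'registrar-formtypes-challenge' to 'registrar-formtypes-captcha' breaks any existing link to the old fragment. If the rename is wanted, check that nothing else in the document or the registry pages points at the old anchor. In the paragraph below it, "registers following FORM_TYPE" is missing "the"; the parallel sentence in the jabber:iq:register section reads "registers the following fields".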
@ -764,7 +773,7 @@
|
|||||||
]]></code>
|
]]></code>
|
||||||
</section3>
|
</section3>
|
||||||
<section3 topic='jabber:iq:register FORM_TYPE' anchor='registrar-formtypes-register'>
|
<section3 topic='jabber:iq:register FORM_TYPE' anchor='registrar-formtypes-register'>
|
||||||
<p>Upon approval of this document, the <cite>XMPP Registrar</cite> shall register the following new fields for the existing jabber:iq:register FORM_TYPE. Additional fields will be defined in future submissions.</p>
|
<p>The <cite>XMPP Registrar</cite> registers the following fields for the existing jabber:iq:register FORM_TYPE. Additional fields might be defined in future submissions.</p>
|
||||||
<code><![CDATA[
|
<code><![CDATA[
|
||||||
<form_type>
|
<form_type>
|
||||||
<name>jabber:iq:register</name>
|
<name>jabber:iq:register</name>
|
||||||
@ -833,11 +842,21 @@
|
|||||||
|
|
||||||
<xs:schema
|
<xs:schema
|
||||||
xmlns:xs='http://www.w3.org/2001/XMLSchema'
|
xmlns:xs='http://www.w3.org/2001/XMLSchema'
|
||||||
targetNamespace='urn:xmpp:tmp:challenge'
|
targetNamespace='urn:xmpp:captcha'
|
||||||
xmlns='urn:xmpp:tmp:challenge'
|
xmlns='urn:xmpp:captcha'
|
||||||
elementFormDefault='qualified'>
|
elementFormDefault='qualified'>
|
||||||
|
|
||||||
<xs:element name='challenge'>
|
<xs:annotation>
|
||||||
|
<xs:documentation>
|
||||||
|
The protocol documented by this schema is defined in
|
||||||
|
XEP-0158: http://www.xmpp.org/extensions/xep-0158.html
|
||||||
|
</xs:documentation>
|
||||||
|
</xs:annotation>
|
||||||
|
|
||||||
|
<xs:import namespace='jabber:x:data'
|
||||||
|
schemaLocation='http://www.xmpp.org/schemas/x-data.xsd'/>
|
||||||
|
|
||||||
|
<xs:element name='captcha'>
|
||||||
<xs:complexType>
|
<xs:complexType>
|
||||||
<xs:sequence xmlns:xdata='jabber:x:data'>
|
<xs:sequence xmlns:xdata='jabber:x:data'>
|
||||||
<xs:element ref='xdata:x' minOccurs='1' maxOccurs='1'/>
|
<xs:element ref='xdata:x' minOccurs='1' maxOccurs='1'/>
|
||||||
@ -853,4 +872,5 @@
|
|||||||
<section1 topic='Open Issues' anchor='open'>
|
<section1 topic='Open Issues' anchor='open'>
|
||||||
<p>Another protocol could allow users to edit the challenges their server will make on their behalf. For example, the number of SHA-256 bits, a personal or original question and answer, a picture, a video, or a sound recording. Of course Aunt Tillie would typically use this feature only if she was plagued by abusive traffic.</p>
|
<p>Another protocol could allow users to edit the challenges their server will make on their behalf. For example, the number of SHA-256 bits, a personal or original question and answer, a picture, a video, or a sound recording. Of course Aunt Tillie would typically use this feature only if she was plagued by abusive traffic.</p>
|
||||||
</section1>
|
</section1>
|
||||||
|
|
||||||
</xep>
|
</xep>
|
||||||
|