IETF Interim: Web Bot Auth 2026-04-13

The IETF interim session on April 13 focused on a personal draft for Web Bot Authentication, examining proposed use cases and gauging community interest. The meeting began with a quick poll on mitigating volumetric bot abuse, which received unanimous thumbs‑up, indicating strong support for that scenario. Key discussions revolved around the wording of "controlling access by bots," with participants arguing it describes an outcome rather than a concrete problem. Several contributors highlighted the need to differentiate this from AI preferences work and questioned whether bot identification should be voluntary or effectively mandatory for high‑traffic sites. Notable remarks included a participant’s claim that the phrase is "circular" and another’s assertion that "voluntary is not accurate" because compliance will be required to enforce limits. The dialogue also surfaced concerns about bots impersonating each other and the broader challenge of distinguishing legitimate bots from malicious actors. The consensus emerging from the session is that clearer, problem‑oriented use‑case definitions are essential before the draft can advance to formal IETF consideration. Achieving this clarity will shape future standards for bot authentication, influencing how websites manage traffic, protect content, and interact with automated agents.