Last Call Review of draft-levine-herkula-oneclick-07
review-levine-herkula-oneclick-07-genart-lc-gont-2016-12-16-00
Request | Review of | draft-levine-herkula-oneclick |
---|---|---|
Requested revision | No specific revision (document currently at 10) | |
Type | Last Call Review | |
Team | General Area Review Team (Gen-ART) (genart) | |
Deadline | 2016-10-10 | |
Requested | 2016-09-15 | |
Authors | John R. Levine , Tobias Herkula | |
I-D last updated | 2016-12-16 | |
Completed reviews |
Genart Last Call review of -07
by Fernando Gont
(diff)
Secdir Last Call review of -04 by Ben Laurie (diff) Opsdir Last Call review of -06 by Victor Kuarsingh (diff) |
|
Assignment | Reviewer | Fernando Gont |
State | Completed | |
Request | Last Call review on draft-levine-herkula-oneclick by General Area Review Team (Gen-ART) Assigned | |
Reviewed revision | 07 (document currently at 10) | |
Result | Not ready | |
Completed | 2016-12-16 |
review-levine-herkula-oneclick-07-genart-lc-gont-2016-12-16-00
The motivation of this document is not clear to me. Using mailman as an example, the unsubscription process is as difficult as the subscription process, so I don't really see what's the problem that is being tackled here. i.e., why unsuscription should be easier than it currently is. Besides, I think that, if published, this document should specify what are the POST arguments that must be included, and how the opaque identifier should be generated. That's key to assess the security considerations of this document. Finally: The document misses the consideration that, if an email is forwarded with full headers, the recipients of the forwarded message would be able to unsubscribe the original recipient of it, whereas with the normal List-Unsubscribe, he couldn't.