Last Call Review of draft-levine-herkula-oneclick-07

Request Review of draft-levine-herkula-oneclick
Requested rev. no specific revision (document currently at 10)
Type Last Call Review
Team General Area Review Team (Gen-ART) (genart)
Deadline 2016-10-10
Requested 2016-09-15
Authors John Levine, Tobias Herkula
Draft last updated 2016-12-16
Completed reviews Genart Last Call review of -07 by Fernando Gont (diff)
Secdir Last Call review of -04 by Ben Laurie (diff)
Opsdir Last Call review of -06 by Victor Kuarsingh (diff)
Assignment Reviewer Fernando Gont
State Completed
Review review-levine-herkula-oneclick-07-genart-lc-gont-2016-12-16
Reviewed rev. 07 (document currently at 10)
Review result Not Ready
Review completed: 2016-12-16


The motivation of this document is not clear to me. Using mailman as an
example, the unsubscription process is as difficult as the subscription
process, so I don't really see what's the problem that is being tackled
here. i.e., why unsuscription should be easier than it currently is.

Besides, I think that, if published, this document should specify what
are the POST arguments that must be included, and how the opaque
identifier should be generated. That's key to assess the security
considerations of this document.

The document misses the consideration that, if an email is forwarded
with full headers, the recipients of the forwarded message would be able
to unsubscribe the original recipient of it, whereas with the normal
List-Unsubscribe, he couldn't.