Re: Last Call: <draft-levine-herkula-oneclick-04.txt> (Signalling one-click functionality for list email headers) to Proposed Standard

["John Levine" <johnl@taugh.com>]

In article <6DD54672-A321-42A8-837C-0F5A85A2D796@dukhovni.org> you write:
>It seems to me that catering to senders whose unsubscribe volume is so
>high as to overwhelm their email systems should not be a priority.

People at large mail systems tell me it's a fact of life.  Long before
this particular hack ever came up, they already had problems of
accidentally DoS'ing other mail systems by mistake when something
provoked a lot of responses.  In any event, our goal here is to help
make mail less lousy, not to make a statement about how we think
people should design their systems.

>Can you explain the DKIM requirement in more detail?  Is the MUA required
>to verify the DKIM signature?  Or is it expected to alternatively trust
>any Authentication-Results header?

That's an implementation detail.  In the most likely implementations,
it's web mail so the MDA and MUA are all the same system.

> What purpose does the DKIM signature
>serve, if there is no required correlation between the authenticated "d="
>value and the authority of HTTPS unsubscribe URI?

It gives the recipient system a handle to use to decide whether they
trust the message enough to use the list-unsubscribe and
list-unsubscribe-post.  The postmaster at the world's largest mail
system has told me that this is useful to them.

>What are the cross-origin risks in allowing the incoming mail to trigger
>a POST to a URI of the sender's choice with sender selected parameters?

I would think that it's about the same as the GET that
List-Unsubscribe already can trigger.  We've lived with that for nearly
two decades.

>The Examples in Section 7 don't have anything resembling HMAC signatures
>over the recipient + list data, or opaque nonces that identify both.

The examples in the upcoming -06 are slightly opacified.

R's,
John