I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

Status: ready with issues.

Broadly speaking, all seems fine with this draft, except the advice given for making the header non-forgeable is weak:

"The URI and POST arguments SHOULD include a hard to forge component such as a hash in addition to or instead of the plain-text names of the list and the subscriber."

Hashes are not inherently hard to forge; they need to be combined with a secret of some kind. Also, using a plain hash is error-prone. So better advice would be something along the lines of:

"The URI and POST arguments SHOULD include a hard to forge component such as an HMAC (RFC 2104) of the other components, using a secret key, in addition to or instead of the plain-text names of the list and the subscriber."

Although it's kinda obvious, you should probably also say that the server SHOULD verify this HMAC.

Finally, since the URI argument is the subject of an existing RFC (2369), that RFC should probably be updated to include this advice.
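As an added illustration of the recommendation above (example code, not part of the review or the draft), the following shows the unkeyed hash the draft's wording permits next to a keyed HMAC over the list and subscriber names, the unsubscribe URI carrying that token, and the server-side verification step. The secret key, the base URI and the parameter names are constructed for the example.

```python
import hmac
import hashlib
from urllib.parse import urlencode, urlsplit, parse_qs

# Constructed example secret (hypothetical); a real server loads it from
# configuration and never includes it in the message it sends.
SECRET_KEY = b"constructed-example-key"


def plain_hash_token(list_name: str, subscriber: str) -> str:
    """What "a hash" in the draft allows: anyone who knows the list and
    subscriber names can recompute it, so it adds nothing against forgery."""
    return hashlib.sha256(f"{list_name}:{subscriber}".encode()).hexdigest()


def hmac_token(list_name: str, subscriber: str, key: bytes = SECRET_KEY) -> str:
    """HMAC-SHA256 (RFC 2104) over the other components, keyed with a secret."""
    # A separator byte keeps ("a", "bc") and ("ab", "c") from colliding.
    msg = list_name.encode() + b"\x00" + subscriber.encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def unsubscribe_uri(base: str, list_name: str, subscriber: str) -> str:
    """Build a List-Unsubscribe URI that carries the keyed token."""
    query = urlencode({"list": list_name, "addr": subscriber,
                       "tok": hmac_token(list_name, subscriber)})
    return f"{base}?{query}"


def server_accepts(uri: str, key: bytes = SECRET_KEY) -> bool:
    """The server-side check the review says the draft should state explicitly."""
    params = parse_qs(urlsplit(uri).query)
    try:
        list_name, subscriber, tok = (params[k][0] for k in ("list", "addr", "tok"))
    except KeyError:
        return False  # a request without a token is never honoured
    # Constant-time comparison so the check does not leak through timing.
    return hmac.compare_digest(hmac_token(list_name, subscriber, key), tok)
```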