More clearly explain retry behavior of sync versus async verification

[GoogleCodeExporter]

From Jay:

> 6.1.2 of the spec says "In synchronous mode, the verification (Section
6.2 (Hub Verifies Intent of the Subscriber)) MUST be completed before the
hub returns a response."
>
> 6.2.1 of the spec says "The hub MUST consider other server response codes
(3xx, 4xx, and 5xx) to mean that the subscription action was not verified.
The hub SHOULD retry verification a reasonable number of times over the
course of a longer time period (e.g., 6 hours) until a definite
acknowledgement (positive or negative) is received."
>
> One assumes that this section of 6.2.1 does not apply to synchronous
requests, but it's left somewhat undefined.  So, for clarification, any
failure of verification in a synchronous request should be immediate and
permanent - correct?  If that's true, the text should read "For async
verifications the hub SHOULD retry [...]"
>
> Also, a 200 reply with an incorrect challenge response should be
considered immediately fatal and treated as if it was a 404 (in any verify
mode), correct?  (To help prevent DoS/spamming.)

Original issue reported on code.google.com by bslatkin on 19 Oct 2009 at 1:19

[GoogleCodeExporter]

Original comment by bslatkin on 8 Feb 2010 at 11:42

• Added labels: spec0.3

[GoogleCodeExporter]

Addressed in 0.3 draft spec

Original comment by bslatkin on 9 Feb 2010 at 6:05

• Changed state: Fixed