Retain hub.verify_token
evanp opened this issue · 1 comments
I think it's a mistake to remove the hub.verify_token parameter.
This identifier lets a subscriber know that the caller who's verifying a subscription is the same party they asked for a subscription in the first place.
An attacker could test a subscription callback URL to see if there are outstanding subscription requests for a list of well-known topics, and if any of them are a "hit", it could start sending false or abusive updates to the callback.
Evan, we had this discussion over on the PubSubHubbub mailing list... several times.
The hub.verify_token is useless. The scenario you're describing is prevented by the use of hub.secret and signatures...
The verify token was initially introduced in a context of 2 concurrent subscriptions from a subscriber with the same callback URL: it would allow the subscriber to differentiate the verification of intent quickly.
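As an added illustration (not code from this project or from either commenter), here is how a subscriber closes both gaps discussed above without hub.verify_token: the verification-of-intent handler only echoes hub.challenge for a topic/mode it actually requested, and the content handler rejects any notification whose X-Hub-Signature does not match the HMAC of the raw body under hub.secret. The topic, secret and feed body are constructed values; `sign()` stands in for what a well-behaved hub would attach.

```python
import hmac
from urllib.parse import parse_qs

# Constructed sample state: subscriptions this subscriber actually requested,
# keyed by (topic, mode), and the hub.secret it sent with the request.
PENDING = {("https://example.com/feed", "subscribe")}
HUB_SECRET = b"constructed-shared-secret"

# Algorithms allowed in the X-Hub-Signature "algo=hex" header.
ALLOWED_ALGOS = ("sha1", "sha256", "sha384", "sha512")


def handle_verification(query_string):
    """Verification of intent: the hub GETs the callback with hub.mode,
    hub.topic and hub.challenge. Echo the challenge only for a (topic, mode)
    we have an outstanding request for; anything else gets a 404, so a
    probe for a well-known topic learns nothing and confirms nothing."""
    q = parse_qs(query_string)
    topic = q.get("hub.topic", [None])[0]
    mode = q.get("hub.mode", [None])[0]
    challenge = q.get("hub.challenge", [None])[0]
    if challenge is None or (topic, mode) not in PENDING:
        return 404, ""
    return 200, challenge


def sign(body, algo="sha256", secret=HUB_SECRET):
    """Header a hub that knows hub.secret would attach to this exact body."""
    return f"{algo}={hmac.new(secret, body, algo).hexdigest()}"


def verify_signature(header, body, secret=HUB_SECRET):
    """Content distribution: accept a POSTed notification only if the
    X-Hub-Signature header is a valid HMAC of the raw body under hub.secret.
    Missing, malformed, unknown-algorithm or mismatched signatures all fail."""
    if not header or "=" not in header:
        return False
    algo, _, digest = header.partition("=")
    if algo not in ALLOWED_ALGOS:
        return False
    expected = hmac.new(secret, body, algo).hexdigest()
    # Constant-time comparison; hex case must not matter.
    return hmac.compare_digest(expected, digest.lower())
```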