§12.3.

Relay security considerations

12.3.1. State maintenance

A Relay SHOULD have mechanisms to prevent malicious endpoints from flooding it with PUBLISH_NAMESPACE or SUBSCRIBE_NAMESPACE requests that could bloat data structures. It could use QUIC stream limits to limit the number of such requests, or could have application-specific policies that can reject incoming PUBLISH_NAMESPACE or SUBSCRIBE_NAMESPACE requests that cause the state maintenance for the session to be excessive.

12.3.2. SUBSCRIBE_NAMESPACE with short prefixes

A Relay can use authorization rules in order to prevent subscriptions closer to the root of a large prefix tree. Otherwise, if an entity sends a relay a SUBSCRIBE_NAMESPACE message with a short prefix, it can cause the relay to send a large volume of NAMESPACE messages. As changes occur in the tree of namespaces, the relay would have to send matching NAMESPACE/NAMESPACE_DONE messages.

This is one section of the MoQT specification, rendered per-section for quick reference and citation. The authoritative text is draft-ietf-moq-transport-17 at the IETF.