13.7.1. State maintenance
A Relay SHOULD have mechanisms to prevent malicious endpoints from flooding it with PUBLISH_NAMESPACE, SUBSCRIBE_NAMESPACE, or SUBSCRIBE_TRACKS requests that could bloat data structures. It could use QUIC stream limits to limit the number of such requests, or could have application-specific policies that can reject incoming requests that cause the state maintenance for the session to be excessive.
13.7.2. SUBSCRIBE_NAMESPACE and SUBSCRIBE_TRACKS with short prefixes
A Relay can use authorization rules in order to prevent subscriptions closer to the root of a large prefix tree. Otherwise, if an entity sends a relay a SUBSCRIBE_NAMESPACE or SUBSCRIBE_TRACKS message with a short prefix, it can cause the relay to send a large volume of NAMESPACE or PUBLISH messages. As changes occur in the tree of namespaces, the relay would have to send matching NAMESPACE/NAMESPACE_DONE messages or initiate new PUBLISH streams.