§13.7.

Relay security considerations

13.7.1. State maintenance

A Relay SHOULD have mechanisms to prevent malicious endpoints from flooding it with PUBLISH_NAMESPACE, SUBSCRIBE_NAMESPACE, or SUBSCRIBE_TRACKS requests that could bloat data structures. It could use QUIC stream limits to limit the number of such requests, or could have application-specific policies that can reject incoming requests that cause the state maintenance for the session to be excessive.

13.7.2. SUBSCRIBE_NAMESPACE and SUBSCRIBE_TRACKS with short prefixes

A Relay can use authorization rules in order to prevent subscriptions closer to the root of a large prefix tree. Otherwise, if an entity sends a relay a SUBSCRIBE_NAMESPACE or SUBSCRIBE_TRACKS message with a short prefix, it can cause the relay to send a large volume of NAMESPACE or PUBLISH messages. As changes occur in the tree of namespaces, the relay would have to send matching NAMESPACE/NAMESPACE_DONE messages or initiate new PUBLISH streams.

This is one section of the MoQT specification, rendered per-section for quick reference and citation. The authoritative text is draft-ietf-moq-transport-18 at the IETF.