James Holderness has written some critique of PubSubHubbub security: http://www.xn--8ws00zhy3a.com/blog/2009/11/pubsubhubbub-security-concerns
It'd be nice if he had posted to this forum or provided another forum of his own for a response, but either way I plan to write something to go over all of his concerns. In the meantime, I'm happy to say that I think every issue he points out has already been or can easily be mitigated in the hubs that are out there, the biggest help being automatic subscription refreshing (http://pubsubhubbub.googlecode.com/svn/trunk/pubsubhubbub-core-0.2.html#autorefresh) which can narrow the window of any attack significantly. In my view, his concerns further validate the idea that delegating to hubs is the correct model for real-time feeds, since it's very difficult to get all of the security and DoS details of an implementation correct for every publisher out there. -Brett
