Hello everyone,

I am fairly new to the concept of pubsubhubbub, but I must say I really like the simplicity of it. The wiki [1] says that there is no thundering herd problem for publishers. However, in the scenario where a malicious attacker publishes the same URL to a large number of hubs, they will all try to fetch new content regarding the URL more or less at the same time. Is this not to be considered a problem? This point could be eliminated by hubs if they have a whitelist of known publishers and only receive a notification of new content for those publishers. However, this is not feasible for public, general-purpose hubs.

The same attack can be made towards subscribers, where a malicious attacker sends a "subscribe" to a large number of hubs with the same callback, leading each one to verify the subscription with the target at the same time. Of course the target won't subscribe with any (except for the ones it was already registered with), but it will still have to process a large number of requests, even for just a 404.

In other threads on this mailing list, I saw that you didn't expect more than a few public PubSubHubBub hubs, so these scenarios wouldn't apply. What if you were wrong and many companies started to run public hubs for, say, traffic analysis? Or Planets [2], for instance, could benefit from implementing their own hub in addition to their own subscriber, for redistributing updates.

I may be completely wrong on some point, so I would like to know what you think about it.

[1] https://code.google.com/p/pubsubhubbub/wiki/ComparingProtocols
[2] https://en.wikipedia.org/wiki/Planet_%28software%29

Regards,
--
Matthieu Rakotojaona
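The following is an added example illustrating one hub-side mitigation for the publisher-side scenario raised above; it is not code from the pubsubhubbub project or from the poster. It assumes a hypothetical `PublishThrottle` class that a hub would consult before fetching a topic: repeated "new content" pings for the same topic URL within a minimum interval are coalesced into a single fetch, and each notifying source gets a token bucket so no single notifier can make the hub fetch an unbounded number of topics. The flood scenario in `simulate_flood` is constructed for the demonstration. A single hub cannot stop many hubs from fetching at once, but this bounds what any one hub contributes to the herd.

```python
from collections import defaultdict

# Hypothetical hub-side throttle (added example, not from the pubsubhubbub project).
# Two mitigations for the scenario discussed in the post:
#  1. Per-topic coalescing: any number of publish pings for the same topic URL
#     within min_fetch_interval seconds result in at most one fetch of the publisher.
#  2. Per-source token bucket: one notifier cannot make the hub fetch an unbounded
#     number of distinct topics per second.
class PublishThrottle:
    def __init__(self, min_fetch_interval=60.0, bucket_capacity=10, refill_per_sec=1.0):
        self.min_fetch_interval = min_fetch_interval
        self.bucket_capacity = bucket_capacity
        self.refill_per_sec = refill_per_sec
        self.last_fetch = {}   # topic URL -> time of the last fetch (seconds)
        self.pending = set()   # topics with a deferred fetch already queued
        self.buckets = {}      # source id (e.g. client IP) -> (tokens, last refill time)

    def _take_token(self, source, now):
        """Classic token bucket: refill proportionally to elapsed time, then spend one."""
        tokens, last = self.buckets.get(source, (self.bucket_capacity, now))
        tokens = min(self.bucket_capacity, tokens + (now - last) * self.refill_per_sec)
        if tokens < 1.0:
            self.buckets[source] = (tokens, now)
            return False
        self.buckets[source] = (tokens - 1.0, now)
        return True

    def on_publish(self, source, topic, now):
        """Decide what to do with one publish ping.

        Returns 'fetch' (fetch the topic now), 'coalesced' (a fetch happened
        recently or is already queued, so the ping is absorbed) or
        'rate_limited' (the source exhausted its budget; ping dropped).
        """
        if not self._take_token(source, now):
            return "rate_limited"
        if topic in self.pending:
            return "coalesced"
        last = self.last_fetch.get(topic)
        if last is not None and now - last < self.min_fetch_interval:
            # Defer: exactly one fetch will run once the interval has expired.
            self.pending.add(topic)
            return "coalesced"
        self.last_fetch[topic] = now
        return "fetch"

    def due_fetches(self, now):
        """Return deferred topics whose interval has expired; the caller fetches each once."""
        due = [t for t in self.pending
               if now - self.last_fetch[t] >= self.min_fetch_interval]
        for t in due:
            self.pending.discard(t)
            self.last_fetch[t] = now
        return due


def simulate_flood(n_pings, sources, topic="https://example.org/feed", start=1000.0):
    """Constructed scenario: each source in `sources` pings the same topic
    n_pings times, one millisecond apart. Returns the count of each outcome."""
    throttle = PublishThrottle()
    counts = defaultdict(int)
    for i in range(n_pings):
        for source in sources:
            counts[throttle.on_publish(source, topic, start + i * 0.001)] += 1
    return dict(counts)


if __name__ == "__main__":
    # Three notifiers pinging the same topic: the hub fetches once.
    print(simulate_flood(5, ["203.0.113.1", "203.0.113.2", "203.0.113.3"]))
    # One notifier hammering the hub: the bucket empties and the rest are dropped.
    print(simulate_flood(20, ["203.0.113.1"]))
```

The first call of `simulate_flood` yields a single `fetch` and 14 `coalesced` pings; the second yields one `fetch`, nine `coalesced` and ten `rate_limited`. A deferred topic is picked up by `due_fetches` only after the interval elapses, so a burst of pings still results in at most two fetches per interval (the immediate one and the deferred one).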
