User is able to subscribe to filters where they will never receive an event/message.

[LiranCohen]

As discussed in the RecordsSubscribe PR (https://github.com/TBD54566975/dwn-sdk-js/pull/667)

[...] this does bring up a point: doesn't this mean we allow anyone to subscribe to "nothing" which essentially is a very simple mechanism for DDOS? I do wonder if it is worth while thinking about prevention/mitigation further, even if outside the scope of this PR.

Originally posted by @thehenrytsai in https://github.com/TBD54566975/dwn-sdk-js/pull/667#discussion_r1463907133

[alanhkarp]

How do you know the subscriber will never receive an event or message?

Are the conditions are inconsistent, e.g., end date is earlier than start date? I'd say you should return an error message.

Does the filter specify some non-existent resource? I think you accept the subscription because the resource might be created later.

What other conditions could result in never receiving an event or message?

[alanhkarp]

I don't understand the DDOS remark. Isn't a subscription that returns a lot of stuff a more likely DDoS than one that never returns anything?

DDoS is a big topic that warrants a separate discussion covering all aspect of the spec.