diff --git a/xep-0060.xml b/xep-0060.xml
index 3f0ecd87..4f6db9e4 100644
--- a/xep-0060.xml
+++ b/xep-0060.xml
@@ -74,6 +74,7 @@
Removed subids from subscription approval forms because subscribers can have only one unapproved subscription request per node at a given time.
Added optional support for delivery of notifications via XMPP IQ stanzas.
Removed the notion of batch publishing because it makes information coherence and atom handling excessively difficult.
+ Added error handling for too-many-subscriptions to help prevent a certain denial of service attack.
@@ -1181,6 +1182,7 @@ And by opposing end them?
The requesting entity is anonymous and the service does not allow anonymous entities to subscribe.
The requesting entity has a pending subscription.
The requesting entity is blocked from subscribing (e.g., because having an affiliation of outcast).
+ The requesting entity has attempted to establish too many subscriptions.
The node does not support subscriptions.
The node has moved.
The node does not exist.
@@ -1297,6 +1299,21 @@ And by opposing end them?
]]>
+
+ If the requesting entity has attempted to establish too many subscriptions (where the definition of "too many" is a matter of local service policy), the service MUST return a &policy; error to the subscriber, specifying a pubsub-specific error condition of <too-many-subscriptions/>.
+
+
+
+
+
+
+ ]]>
+ The service can match on bare JID or full JID in determining which subscribing entities match for the purpose of determining if an entity has requested too many subscriptions.
+
If the node does not allow entities to subscribe, the service SHOULD return a &feature; error to the subscriber, specifying a pubsub-specific error condition of <unsupported/> and a feature of "subscribe".
+