It sucks that comments aren't enabled on that post. You can see the responses from the community (including Brett Slatkin, one of the authors) on the Google Group for PuSH:
It seems that all of these problems could be eliminated by giving every client, feed server, hub and actual feed a UUID, and swapping them in a handshake. (A feed having the same UUID would be a necessary, but not sufficient, condition to consider it the same as another feed; it would still compare the URLs.) This would reduce the actual message transmission, in cases of mistaken identity, to a few (16-32) bytes each time. Then, clients, servers, or hubs which repeatedly return incorrect responses to identity queries would just have to be throttled.