Errata exists for this version of the document.
OPC UA user and Client Authentication reduce the risk of a legitimate Client being used to mount a resource exhaustion attack. Additionally, Server Auditing allows the detection of the Client if a resource exhaustion attack was carried out by a legitimate Client. Servers are also required to recycle OpenSecureChannel request that have not been completed (specified in OPC 10000-4), this will eliminate attacks from non-legitimate Clients. Resource exhaustion attacks do not apply to PubSub Systems, since no sessions or resources are allocated.