Hi Paul
Sorry for the late reply. Hopefully the following is more clear? When designing systems which will provide connectivity for non-authenticated users, the system SHOULD be designed with the capacity to support not only the maximum intended number of peers, but also include an additional number of sessions which are created due to malicious or erroneous behaviour. This safety margin will allow a system to still operate safely under load until it is exceeded. On 13/01/2015 23:16, "Paul Wouters" <[email protected]> wrote: >> >>What I was alluding to is covered now in section 3.2 (and in Paul's >>email). However I think some final words at the end of 3.2 such as 'For >>this reason systems should be designed to accommodate legitimate and >>non-legitimate non-authenticated peers', would then make this message >>crystal clear. > >Can you propose text? I personally find "legitimate and non-legitimate >non-authenticated peers" very unclear. I don't think a server can ever >tell those two aparts based on IKE.
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ IPsec mailing list [email protected] https://www.ietf.org/mailman/listinfo/ipsec
