On 5/8/18 7:17 PM, Andrei Popov wrote:
Application-specific clients and servers (custom apps) can reject connections without TB, or they can implement a variety of other measures when TB is not negotiated (e.g., issue shorter-lived tokens, require stronger authentication, ...)
If I read Matthew's request correctly, all he is asking is that you add words to the document that say exactly what you say above. Right now, the implication in the document is that the client is required to continue to use the connection as if nothing is wrong.
/a