From 54e2980ce448feb6455535e422edfacf0055501e Mon Sep 17 00:00:00 2001
From: Wojciech Kapcia <wojtek@tigase.org>
Date: Tue, 16 Jun 2020 13:56:15 -0400
Subject: [PATCH] Clarify XEP-0178 (SASL-EXTERNAL) specification that after
 failed authentication connection doesn't have to be closed in s2s.

---
 xep-0178.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/xep-0178.xml b/xep-0178.xml
index 359de488..902dd85f 100644
--- a/xep-0178.xml
+++ b/xep-0178.xml
@@ -379,7 +379,7 @@
           <p>Implementation Note: If Server2 needs to assign an authorization identity during SASL negotiation, it SHOULD use the value of the 'from' attribute of the stream header sent by Server1.</p>
         </li>
         <li>
-          <p>Else Server2 SHOULD return a &notauthorized; stream error and close the stream.</p>
+          <p>Else Server2 SHOULD return a &notauthorized; error and either close Server1's TCP connection or continue with a Server Dialback (XEP-0220) [8] negotiation.</p>
           <example><![CDATA[
 <failure xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>
   <not-authorized/>