As noted, a server MUST NOT allow an client to resume a stream management session until after the client has authenticated (for some value of "authentication"); this helps to prevent session hijacking.
+As noted, a server MUST NOT allow a client to resume a stream management session until after the client has authenticated (for some value of "authentication"); this helps to prevent session hijacking.