Another point from Roman

danielfett · danielfett · commit 0ec325ad2340 · 2024-02-08T18:00:13.000+01:00
diff --git a/A02_recommendations.md b/A02_recommendations.md
@@ -230,7 +230,7 @@ Under the conditions described in (#client_impersonating_countermeasures),
 authorization servers SHOULD NOT allow clients to influence their `client_id` or
 any claim that could cause confusion with a genuine resource owner.
 
-It is RECOMMENDED to use end-to-end TLS between the client and the resource server. If TLS
+It is RECOMMENDED to use end-to-end TLS according to [@!BCP195] between the client and the resource server. If TLS
 traffic needs to be terminated at an intermediary, refer to
 (#tls_terminating) for further security advice.
 
diff --git a/B_references.md b/B_references.md
@@ -278,3 +278,13 @@
     <date day="20" month="December" year="2020"/>
   </front>
 </reference>
+
+
+<reference anchor="BCP195" target="https://www.rfc-editor.org/info/bcp195">
+  <front>
+    <title>BCP195</title>
+    <author>
+      <organization>IETF</organization>
+    </author>
+  </front>
+</reference>
