diff --git a/draft-ietf-tls-esni.md b/draft-ietf-tls-esni.md index ff2a975a..92946560 100644 --- a/draft-ietf-tls-esni.md +++ b/draft-ietf-tls-esni.md @@ -886,8 +886,12 @@ initiated in response to a "retry_config". Sending a "retry_config" in this situation is a signal that the server is misconfigured, e.g., the server might have multiple inconsistent configurations so that the client reached a node with configuration A in the first connection and -a node with configuration B in the second. If a client does not retry, -it MUST report an error to the calling application. +a node with configuration B in the second. Note that this guidance +does not apply to the cases in the previous paragraph where the server +has securely disabled ECH. + +If a client does not retry, it MUST report an error to the calling +application. ### Authenticating for the Public Name {#auth-public-name}
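Review bot: In the added sentence "Note that this guidance does not apply to the cases in the previous paragraph where the server has securely disabled ECH", the phrase "this guidance" has no clear antecedent. The visible sentences just before it describe what a second "retry_config" signals (a misconfigured server with inconsistent configurations) rather than stating a rule, so a reader cannot tell which requirement is being set aside. Suggest naming the rule directly and referring to the earlier text by section anchor instead of "the previous paragraph", which stops being accurate if paragraphs are later reordered. Separately, moving "If a client does not retry, it MUST report an error to the calling application." into its own paragraph directly after the exemption leaves it unclear whether that MUST still applies when the server has securely disabled ECH. A short clause stating this either way would remove the ambiguity.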