The description of slow_down on page 23 of the 6th draft (draft-mobile-client-initiated-backchannel-authentication-06) says:
the interval MUST be increased by 5 seconds for this and all subsequent requests
I'm not sure "5 seconds" is always appropriate for every possible use case. Is it necessary for the specification to say "MUST be increased" with a concrete time value? In addition, the fixed value (5 seconds in this case) "for this and all subsequent requests" will eliminate adoption of an "exponential backoff" algorithm.
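The two interval policies contrasted in this comment, as an added simulation that is not part of the original post or of the specification: `additive_policy` follows the quoted draft-06 wording, while `exponential_policy`, the scripted responses, the `"tokens"` label and the 5 s / 120 s starting values are assumptions made for illustration.

```python
"""Constructed simulation of a client polling the token endpoint."""

SLOW_DOWN_STEP = 5  # seconds: the fixed increment quoted from draft-06


def additive_policy(interval):
    """Quoted draft-06 rule: add 5 seconds, kept for all later requests."""
    return interval + SLOW_DOWN_STEP


def exponential_policy(interval):
    """Hypothetical alternative: double the interval on every slow_down."""
    return interval * 2


def poll(responses, policy, interval=5, expires_in=120):
    """Replay scripted token-endpoint responses against a simulated clock.

    Returns (outcome, send_times); send_times are seconds elapsed since the
    authentication request was acknowledged. No network I/O, no sleeping.
    """
    clock = 0
    send_times = []
    for response in responses:
        clock += interval            # wait the current interval, then poll
        if clock >= expires_in:      # request lifetime is over: stop polling
            return "expired", send_times
        send_times.append(clock)
        if response == "slow_down":
            interval = policy(interval)   # affects this retry and later ones
        elif response != "authorization_pending":
            return response, send_times   # "tokens" or a terminal error
    return "pending", send_times


# Constructed script: the server asks the client to slow down twice.
SCRIPT = ["authorization_pending", "slow_down", "authorization_pending",
          "slow_down", "authorization_pending", "tokens"]

if __name__ == "__main__":
    for policy in (additive_policy, exponential_policy):
        outcome, times = poll(SCRIPT, policy)
        print(f"{policy.__name__:18} {outcome:8} polls sent at {times}")
```
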