Following up. You checked in a slightly different version of patch 6 and released it with 1.1.8. We will test your solution for this and adopt it if it works. We will update our code to honor both the idle timeout and the auth failure delay, to avoid the DoS situation you described, since you checked this into 1.2 not 1.1. Thanks!