diff --git a/draft-ietf-httpbis-http2-encryption.md b/draft-ietf-httpbis-http2-encryption.md index 326e46779..6d8c1388e 100644 --- a/draft-ietf-httpbis-http2-encryption.md +++ b/draft-ietf-httpbis-http2-encryption.md @@ -232,7 +232,6 @@ origin makes such a commitment for the duration of the origin object lifetime. ~~~ example { "http://www.example.com": { - "tls-ports": [443,8080], "tls-commit": true, "lifetime": 3600 } @@ -244,6 +243,12 @@ advertised period. Clients that receive this commitment can assume that a secure service will be available for the origin object lifetime. Clients might however choose to limit this time (see {{pinrisks}}). +The `tls-ports` member is ignored when the `tls-commit` member is provided. A server that is +able to strongly authenticate can run on any host or port. Though a client will not discover +such a server using the process in this document, it might learn that a strongly authenticated +server exists by other means, such as when a connection is reused (see Section 9.1.1 of +[RFC7540]). + ## Client Handling of A Commitment
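Review bot: In the first hunk (@@ -232,7), dropping `"tls-ports": [443,8080],` leaves the example origin object with only `tls-commit` and `lifetime`, but nothing in the visible text says that a client must accept an origin object with no `tls-ports` member. Suggest stating next to the example that `tls-ports` may be omitted when a commitment is made, so that an implementation which expects the member does not reject or mis-handle the object shown here.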
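Review bot: In the second hunk (@@ -244,6), "ignored when the `tls-commit` member is provided" is ambiguous about an object that carries `"tls-commit": false`. As written, a client could discard `tls-ports` for an origin that has made no commitment. Suggest wording such as "when the `tls-commit` member is present with a value of true", matching the `"tls-commit": true` in the example. Two smaller points in the same paragraph: "strongly authenticate" is not defined in the lines shown, so a pointer to where the draft defines it would help; and the citation "Section 9.1.1 of [RFC7540]" uses a bracket form while the neighbouring context line uses the `{{pinrisks}}` reference form, so it should be checked that this renders as a proper reference.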