diff --git a/index.bs b/index.bs
index 652a6e534..0e61497b8 100644
--- a/index.bs
+++ b/index.bs
@@ -3068,11 +3068,11 @@ value and terminate the operation.
};
-[=[WRPS]=] may use these signal methods to signal [=authenticators=]
-the state of [=public key credentials=], so that incorrect or revoked
+[=[WRPS]=] may use these signal methods to inform [=authenticators=]
+of the state of [=public key credentials=], so that incorrect or revoked
credentials may be updated, removed, or hidden. [=Clients=] provide this
functionality opportunistically, since an authenticator may not support updating
-its [=credentials map=] or it may not be attached at the time the request is
+its [=credentials map=] or may not be attached at the time the request is
made. Furthermore, in order to avoid revealing information about a user's
credentials without [=user consent=], [=signal methods=] do not indicate whether
the operation succeeded. A successfully resolved promise only means that the
@@ -3090,10 +3090,10 @@ In cases where an [=authenticator=] does not have the capability to process an
infrastructure such as [[!FIDO-CTAP]]'s `authenticatorCredentialManagement`
command to achieve an equivalent effect.
-Note: [=Signal methods=] intentionally do not wait for the [=authenticators=] to
-finish executing the [=signal method/authenticator actions=] to protect users
+Note: [=Signal methods=] intentionally avoid waiting for [=authenticators=] to
+complete executing the [=signal method/authenticator actions=]. This measure protects users
from [=[WRPS]=] gaining information about availability of their credentials
-without [=user consent=] from the timing of the request.
+without [=user consent=] based on the timing of the request.
#### Asynchronous RP ID validation algorithm #### {#sctn-signal-methods-async-rp-id-validation}
@@ -3120,9 +3120,8 @@ and returns a promise that rejects if the validation fails. The steps are:
#### {{PublicKeyCredential/signalUnknownCredential(options)}} #### {#sctn-signalUnknownCredential}
-Signals that a [=credential id=] was not recognized by the [=[WRP]=], e.g.
-because it was deleted by the user. Unlike
-{{PublicKeyCredential/signalAllAcceptedCredentials(options)}}, this
+The {{PublicKeyCredential/signalUnknownCredential(options)|signalUnknownCredential}} method signals that a [=credential id=] was not recognized by the [=[WRP]=],
+e.g. because it was deleted by the user. Unlike {{PublicKeyCredential/signalAllAcceptedCredentials(options)}}, this
method does not require passing the entire list of accepted [=credential IDs=]
and the [=userHandle=], avoiding a privacy leak to an unauthenticated caller
(see [[#sctn-credential-id-privacy-leak]]).
@@ -3264,15 +3263,15 @@ ID=] were accidentally omitted, the [=relying party=] should immediately include
it in {{PublicKeyCredential/signalAllAcceptedCredentials(options)}} as soon as
possible to "unhide" it, if supported by the [=authenticator=].
-Note: [=Authenticators=] should prefer hiding [=public key credentials=] instead
+Note: [=Authenticators=] should prefer hiding [=public key credentials=] for a period of time instead
of permanently removing them whenever possible to aid recovery if a [=[WRP]=]
accidentally omits valid [=credential IDs=] from
{{AllAcceptedCredentialsOptions/allAcceptedCredentialIds}}.
#### {{PublicKeyCredential/signalCurrentUserDetails(options)}} #### {#sctn-signalCurrentUserDetails}
-Signals the user's current {{PublicKeyCredentialEntity/name}} and
-{{PublicKeyCredentialUserEntity/displayName}}.
+The {{PublicKeyCredential/signalCurrentUserDetails(options)|signalCurrentUserDetails}} method signals the user's
+current {{PublicKeyCredentialEntity/name}} and {{PublicKeyCredentialUserEntity/displayName}}.
Upon invocation of {{PublicKeyCredential/signalCurrentUserDetails(options)}}, the
[=client=] executes these steps: