Clarify validation step for packed attestation certificate for RPs.

index.bs

@@ -5888,7 +5888,9 @@ The attestation certificate MUST have the following fields/extensions:
 
 - If the related attestation root certificate is used for multiple authenticator models, the Extension OID
     `1.3.6.1.4.1.45724.1.1.4` (`id-fido-gen-ce-aaguid`) MUST be present, containing the AAGUID as a 16-byte OCTET STRING.
-    The extension MUST NOT be marked as critical.
+    The extension MUST NOT be marked as critical. As [=Relying Parties=] may not know if the attestation root
+    certificate is used for multiple authenticator models, it is suggested that [=Relying Parties=] check if the extension
+    is present, and if it is, then validate that it contains that same AAGUID as presented in the [=attestation object=].
 
     Note that an X.509 Extension encodes the DER-encoding of the value in an OCTET STRING.
     Thus, the AAGUID MUST be wrapped in <i>two</i> OCTET STRINGS to be valid. Here is a sample, encoded Extension structure: