From 115c2f9372f903ee6b14526b6411f9dd6cd5028d Mon Sep 17 00:00:00 2001 From: Emil Lundberg Date: Mon, 19 Aug 2024 13:47:21 +0200 Subject: [PATCH 1/2] Clarify meaning of "unless" in UP flag validation --- index.bs | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/index.bs b/index.bs index 6fac0abec..ec6bbb16b 100644 --- a/index.bs +++ b/index.bs @@ -5635,7 +5635,9 @@ a numbered step. If outdented, it (today) is rendered as a bullet in the midst o 1. Verify that the [=rpIdHash=] in |authData| is the SHA-256 hash of the [=RP ID=] expected by the [=[RP]=]. -1. Verify that the [=UP=] bit of the [=flags=] in |authData| is set, unless |options|.{{CredentialCreationOptions/mediation}} is set to {{CredentialMediationRequirement/conditional}}. +1. Verify that the [=UP=] bit of the [=flags=] in |authData| is set. + If |options|.{{CredentialCreationOptions/mediation}} is set to {{CredentialMediationRequirement/conditional}}, + ignore this verification step. 1. If the [=[RP]=] requires [=user verification=] for this registration, verify that the [=authData/flags/UV=] bit of the [=flags=] in |authData| is set. From 6cae8a57d3afbcc513a0ab2381866eae750a93a4 Mon Sep 17 00:00:00 2001 From: Matthew Miller Date: Tue, 24 Sep 2024 12:04:50 +0200 Subject: [PATCH 2/2] Reword UP flag validation per review suggestion --- index.bs | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/index.bs b/index.bs index ec6bbb16b..0e9dc593c 100644 --- a/index.bs +++ b/index.bs 
@@ -5635,9 +5635,8 @@ a numbered step. If outdented, it (today) is rendered as a bullet in the midst o 1. Verify that the [=rpIdHash=] in |authData| is the SHA-256 hash of the [=RP ID=] expected by the [=[RP]=]. -1. Verify that the [=UP=] bit of the [=flags=] in |authData| is set. - If |options|.{{CredentialCreationOptions/mediation}} is set to {{CredentialMediationRequirement/conditional}}, - ignore this verification step. +1. If |options|.{{CredentialCreationOptions/mediation}} is not set to {{CredentialMediationRequirement/conditional}}, + verify that the [=UP=] bit of the [=flags=] in |authData| is set. 1. If the [=[RP]=] requires [=user verification=] for this registration, verify that the [=authData/flags/UV=] bit of the [=flags=] in |authData| is set.
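
Review bot: in the [PATCH 1/2] hunk (index.bs, @@ -5635,7 +5635,9), the added step states the requirement unconditionally ("Verify that the [=UP=] bit of the [=flags=] in |authData| is set.") and only afterwards gives the exception ("ignore this verification step"). An implementer who turns each sentence into a check in reading order would reject a registration made with conditional mediation before reaching the exception. Put the condition first, in the same "If ..., verify that ..." form that the following [=authData/flags/UV=] step already uses.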
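
Review bot: in the [PATCH 2/2] hunk (index.bs, @@ -5635,9 +5635,8), the reworded step is silent about the case where |options|.{{CredentialCreationOptions/mediation}} is {{CredentialMediationRequirement/conditional}}, so the reader has to infer that the [=UP=] bit may then be either set or clear. Consider adding a sentence or Note that says so explicitly, and that points out that the next step's [=authData/flags/UV=] check carries no mediation condition and so still applies whenever the [=[RP]=] requires [=user verification=].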