Address review comments by @akshayku

index.bs

@@ -1245,8 +1245,8 @@ When this method is invoked, the user agent MUST execute the following algorithm
                 ::  whose value is the bytes of the signature value returned by the [=authenticator=].
 
                 :   <code><dfn for="assertionCreationData">userHandleResult</dfn></code>
-                ::  If |savedCredentialId| exists, set the value of [=userHandleResult=] to be the bytes of the [=user handle=]
-                    returned by the [=authenticator=]. Otherwise, set the value of [=userHandleResult=] to null.
+                ::  If the authenticator returned a [=user handle=], set the value of [=userHandleResult=] to be the bytes of that
+                    [=user handle=] returned by the [=authenticator=]. Otherwise, set the value of [=userHandleResult=] to null.
 
                 :   <code><dfn for="assertionCreationData">clientExtensionResults</dfn></code>
                 ::  whose value is an {{AuthenticationExtensions}} object containing [=extension identifier=] →
@@ -2340,16 +2340,14 @@ When this method is invoked, the [=authenticator=] must perform the following pr
     Return to the user agent:
         - |selectedCredential|'s [=credential ID=], if either a [=list=] of credentials of [=list/size=] 2 or greater was supplied
             by the client, or no such [=list=] was supplied. Otherwise, return only the below values.
+
+            Note: If the client supplies a [=list=] of exactly one credential and it was successfully employed, then its
+                [=credential ID=] is not returned since the client already knows it. This saves transmitting these bytes over
+                what may be a constrained connection in what is likely a common case.
+
         - |authenticatorData|
         - |signature|
-        - The [=user handle=] associated with |selectedCredential|, if no [=list=] of credentials was supplied by the client, or
-            no such [=list=] was supplied. Otherwise, do not return this value.
-
-      Note: If the client supplies a [=list=] of exactly one credential and it was successfully employed, then its
-          [=credential ID=] and [=user handle=] are not returned since the [=[RP]=], having provided the [=credential ID=] to the
-          client, already knows the [=credential ID=] and the identity of the user. This saves transmitting these bytes over what
-          may be a constrained connection in what is likely a common case, and enables backwards compatibility with legacy
-          [=authenticators=] that cannot store the [=user handle=].
+        - The [=user handle=] associated with |selectedCredential|, if available.
     </li>
 
 If the authenticator cannot find any credential corresponding to the specified [=[RP]=] that matches the specified criteria, it