add issue

index.bs

@@ -856,6 +856,10 @@ When this method is invoked, the user agent MUST execute the following algorithm
 
                         :   "direct"
                         ::  convey the authenticator's [=AAGUID=] and [=attestation statement=], unaltered, to the RP.
+
+                        Issue: @balfanz wishes to add to the "direct" case: 
+                            *   If, for whatever reason, the client cannot pass on the authenticator-generated attestation 
+                                statement, it MUST terminate the credential generation operation with a "NotAllowedError". 
                     </dl>
 
                 1.  Let |id| be <code>|attestationObject|.authData.[=attestedCredentialData=].[=credentialId=]</code>.
@@ -1565,7 +1569,7 @@ during credential generation.
 </pre>
 
 <div dfn-type="enum-value" dfn-for="AttestationConveyancePreference">
-    *   <dfn>none</dfn>indicates that the [=[RP]=] is not interested in [=authenticator=] [=attestation=].
+    *   <dfn>none</dfn> - indicates that the [=[RP]=] is not interested in [=authenticator=] [=attestation=].
         The client may replace the [=AAGUID=] and [=attestation statement=] generated
         by the authenticator with meaningless client-generated values. For example, in order to avoid having to obtain 
         [=user consent=] to relay uniquely identifying information to the [=[RP]=], or to save a roundtrip to a Privacy CA.