Add note about verifying U2F assertion signatures

index.bs

@@ -3016,6 +3016,10 @@ When verifying a given {{PublicKeyCredential}} structure (|credential|) and an {
 1. Using the credential public key looked up in step 3, verify that |sig| is a valid signature over the binary concatenation of
     |aData| and |hash|.
 
+    Note: This verification step is automatically compatible with signatures generated by FIDO U2F authenticators, because the
+    first 37 bytes of the U2F signed data constitute a valid [=authenticator data=] structure and the remaining 32 bytes are
+    |hash|. [[FIDO-U2F-Message-Formats]]
+
 1. If the [=signature counter=] value |adata|.<code>[=signCount=]</code> is nonzero or the value stored
     in conjunction with |credential|'s {{Credential/id}} attribute
     is nonzero, then run the following sub-step: