diff --git a/index.bs b/index.bs
index 9ec20db66..593d9c0fd 100644
--- a/index.bs
+++ b/index.bs
@@ -2356,8 +2356,8 @@ When this operation is invoked, the [=authenticator=] MUST perform the following
             decrypt it.
 1. If any error occurred while creating the new credential object, return an error code equivalent to "{{UnknownError}}" and
     terminate the operation.
-1. Let |processedExtensions| be the result of [=authenticator extension processing=] [=map/for each=] supported <var
-    ignore>extensionId</var> → <var ignore>authenticatorExtensionInput</var> in |extensions|.
+1. Let |processedExtensions| be the result of [=authenticator extension processing=] [=map/for each=] supported [=extension
+    identifier=] → [=authenticator extension input=] in |extensions|.
 1. If the [=authenticator=] supports:
     <dl class="switch">
         :   a per-[=RP ID=] [=signature counter=]
@@ -2431,8 +2431,8 @@ When this method is invoked, the [=authenticator=] MUST perform the following pr
     If the user does not [=user consent|consent=], return an error code equivalent to
     "{{NotAllowedError}}" and terminate the operation.
 
-1. Let |processedExtensions| be the result of [=authenticator extension processing=] [=map/for each=] supported <var
-    ignore>extensionId</var> → <var ignore>authenticatorExtensionInput</var> in |extensions|.
+1. Let |processedExtensions| be the result of [=authenticator extension processing=] [=map/for each=] supported [=extension
+    identifier=] → [=authenticator extension input=] in |extensions|.
 1. Increment the [=RP ID=]-associated
     [=signature counter=] or the global [=signature counter=] value, depending on 
     which approach is implemented by the [=authenticator=], by some positive value.
@@ -3618,10 +3618,9 @@ parameter of the [=authenticatorMakeCredential=] and [=authenticatorGetAssertion
 [=CBOR=] map where each key is an [=extension identifier=] and the corresponding value is the [=authenticator extension input=]
 for that extension.
 
-Likewise, the <dfn>authenticator extension output</dfn> value of each processed [=authenticator extension=] is represented by one
-key/value pair in [=authdataextensions|extensions=] part of the [=authenticator data=]. The [=authdataextensions|extensions=] part
-of the [=authenticator data=] is a [=CBOR=] map where each key is an [=extension identifier=] and the corresponding value is the
-[=authenticator extension output=] of that extension.
+Likewise, the extension output is represented in the [=authdataextensions|extensions=] part of the [=authenticator data=]. The
+[=authdataextensions|extensions=] part of the [=authenticator data=] is a CBOR map with [=CBOR=] [=extension identifiers=] as
+keys, and the [=CBOR=] <dfn>authenticator extension output</dfn> value of each extension as the value.
 
 For each supported extension, the [=authenticator extension processing=] rule for that extension is used create the
 [=authenticator extension output=] from the [=authenticator extension input=] and possibly also other inputs.