Address emlun's other comments

index.bs

@@ -1929,15 +1929,11 @@ a numbered step. If outdented, it (today) is rendered as a bullet in the midst o
      {{CredentialMediationRequirement/conditional}}:
 
     1. If the user agent has not recently mediated an authentication, the origin of said authentication is not |callerOrigin|, or the user
-    does not consent to this type of credential creation, throw a "{{NotAllowedError}}" {{DOMException}}.
+        does not consent to this type of credential creation, throw a "{{NotAllowedError}}" {{DOMException}}.
 
-    Note: The user agent will note when it believes an authentication ceremony has
-    been completed.
-
-    1. If <code>|pkOptions|.{{CredentialCreationOptions/timeout}}</code> is present, check if its value lies
-        within a reasonable range as defined by the [=client=] and if not, correct it to the closest value lying within that range.
-        Set a timer |lifetimeTimer| to this adjusted value. If <code>|pkOptions|.{{CredentialCreationOptions/timeout}}</code>
-        is not present, then set |lifetimeTimer| to a [=client=]-specific default.
+        It is up to the user agent to decide when it believes an authentication ceremony has
+        been completed. That authentication ceremony MAY be performed via other means than the
+        [=Web Authentication API=].
 
 1. Consider the value of {{PublicKeyCredentialCreationOptions/hints}} and craft the user interface accordingly, as the user-agent sees fit.