Fix dangling language in WebAuthn Extensions section

index.bs

@@ -5870,9 +5870,11 @@ ignored by the client browser or OS and not passed to the authenticator at all,
 Ignoring an extension is never considered a failure in WebAuthn API processing, so when [=[RPS]=] include extensions with any
 API calls, they MUST be prepared to handle cases where some or all of those extensions are ignored.
 
-All [=WebAuthn Extensions=] MUST be defined in such a way that this implementation choice does not endanger the user's
-security or privacy. For instance, if an extension requires client processing, it could be defined in a manner that ensures such
-a naïve pass-through will produce a semantically invalid [=authenticator extension input=] value, resulting in the extension
+All [=WebAuthn Extensions=] MUST be defined in such a way that lack of support for them by the [=client=] or [=authenticator=]
+does not endanger the user's security or privacy.
+For instance, if an extension requires client processing, it could be defined in a manner that ensures
+that a naïve pass-through that simply transcodes [=client extension inputs=] from JSON to CBOR
+will produce a semantically invalid [=authenticator extension input=] value, resulting in the extension
 being ignored by the authenticator. Since all extensions are OPTIONAL, this will not cause a functional failure in the API
 operation.