diff --git a/index.bs b/index.bs index 564e2529d..30c4ea487 100644 --- a/index.bs +++ b/index.bs @@ -1794,9 +1794,8 @@ When this method is invoked, the user agent MUST execute the following algorithm |lifetimeTimer| to this adjusted value. If |pkOptions|.{{PublicKeyCredentialCreationOptions/timeout}} is not present, then set |lifetimeTimer| to a [=client=]-specific default. - Recommended ranges and defaults for |pkOptions|.{{PublicKeyCredentialCreationOptions/timeout}} are as follows. - * Recommended range: 300000 milliseconds to 600000 milliseconds. - * Recommended default value: 300000 milliseconds (5 minutes). + See the [=recommended range and default for a WebAuthn ceremony timeout=] + for guidance on deciding a reasonable range and default for |pkOptions|.{{PublicKeyCredentialCreationOptions/timeout}}. Note: The user agent should take cognitive guidelines into considerations regarding timeout for users with special needs. @@ -2296,9 +2295,8 @@ When this method is invoked, the user agent MUST execute the following algorithm Set a timer |lifetimeTimer| to this adjusted value. If |pkOptions|.{{PublicKeyCredentialRequestOptions/timeout}} is not present, then set |lifetimeTimer| to a [=client=]-specific default. - Recommended ranges and defaults for |pkOptions|.{{PublicKeyCredentialRequestOptions/timeout}} are as follows. - * Recommended range: 300000 milliseconds to 600000 milliseconds. - * Recommended default value: 300000 milliseconds (5 minutes). + See the [=recommended range and default for a WebAuthn ceremony timeout=] + for guidance on deciding a reasonable range and default for |pkOptions|.{{PublicKeyCredentialRequestOptions/timeout}}. Note: The user agent should take cognitive guidelines into considerations regarding timeout for users with special needs. 
@@ -8354,6 +8352,9 @@ upon a client's behavior, e.g., the [=[RP]=] SHOULD store the challenge temporar until the operation is complete. Tolerating a mismatch will compromise the security of the protocol. +Challenges SHOULD be valid for a duration similar to the +upper limit of the [=recommended range and default for a WebAuthn ceremony timeout=]. + In order to prevent replay attacks, the challenges MUST contain enough entropy to make guessing them infeasible. Challenges SHOULD therefore be at least 16 bytes long. @@ -8844,8 +8845,16 @@ as discussed in [[#sctn-username-enumeration]]. [=[RPS]=], at [=registration=] time, SHOULD provide affordances for users to complete future [=authorization gestures=] correctly. This could involve naming the authenticator, choosing a picture to associate with the device, or entering freeform text instructions (e.g., as a reminder-to-self). + +## Recommended Range for Ceremony Timeouts ## {#sctn-timeout-recommended-range} + [=Ceremonies=] relying on timing, e.g., a [=registration ceremony=] (see {{PublicKeyCredentialCreationOptions/timeout}}) or an [=authentication ceremony=] (see {{PublicKeyCredentialRequestOptions/timeout}}), ought to follow [[!WCAG21]]'s [Guideline 2.2 Enough Time](https://www.w3.org/TR/WCAG21/#enough-time). If a [=client platform=] determines that a [=[RP]=]-supplied timeout does not appropriately adhere to the latter [[!WCAG21]] guidelines, then the [=client platform=] MAY adjust the timeout accordingly. +The recommended range and default for a WebAuthn ceremony timeout is as follows: + +* Recommended range: 300000 milliseconds to 600000 milliseconds. +* Recommended default value: 300000 milliseconds (5 minutes). + # Acknowledgements # {#sctn-acknowledgements} We thank the following people for their reviews of, and contributions to, this specification:
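Review bot: In the `@@ -1794` hunk the replacement sentence "for guidance on deciding a reasonable range and default for |pkOptions|.{{PublicKeyCredentialCreationOptions/timeout}}" reads as if the user agent chooses the range, but at this point in the algorithm the client is only adjusting a Relying Party-supplied value or picking its own client-specific default for |lifetimeTimer|. Suggest wording it around what the client actually does here, e.g. "See the [=recommended range and default for a WebAuthn ceremony timeout=] when adjusting |pkOptions|.{{PublicKeyCredentialCreationOptions/timeout}} or choosing the [=client=]-specific default." Since the guidance on WCAG now lives in the new section, the unchanged "Note: The user agent should take cognitive guidelines into considerations" that follows could also point at that section instead of restating it.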
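Review bot: The `@@ -2296` hunk is a verbatim copy of the `@@ -1794` change with {{PublicKeyCredentialRequestOptions/timeout}} substituted, so whatever wording is settled on for the registration case should be applied identically here (the same "deciding a reasonable range and default" phrasing mismatches the client's role in this algorithm). Dropping the inline "300000 milliseconds to 600000 milliseconds" values from both algorithms in favour of one definition is the right call; it removes the risk of the two copies drifting apart.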
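Review bot: In the `@@ -8354` hunk, "Challenges SHOULD be valid for a duration similar to the upper limit of the [=recommended range and default for a WebAuthn ceremony timeout=]" is too loose for a SHOULD-level requirement: "similar to" gives implementers no testable bound, and tying challenge lifetime to the upper end of the recommended range rather than to the timeout the Relying Party actually supplied means a short-timeout ceremony still leaves its challenge accepted for far longer than the ceremony can run. Suggest "Challenges SHOULD remain valid for no longer than the timeout the [=[RP]=] supplies in the ceremony options, plus a small allowance for clock skew, and in any case not beyond the upper limit of the [=recommended range and default for a WebAuthn ceremony timeout=]." It would also help to state that the validity window only bounds how long the stored challenge is retained, and does not relax the preceding requirement that the challenge be stored until the operation completes and then compared exactly.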
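Review bot: The `@@ -8844` hunk never defines the term that the other three hunks link to. "The recommended range and default for a WebAuthn ceremony timeout is as follows:" is plain text, so the `[=recommended range and default for a WebAuthn ceremony timeout=]` autolinks have no `<dfn>` to resolve against and the Bikeshed build will fail. Wrap the term, e.g. `The <dfn>recommended range and default for a WebAuthn ceremony timeout</dfn> is as follows:`. Two smaller points: the range bullet gives no human-readable unit while the default bullet adds "(5 minutes)", so "300000 milliseconds (5 minutes) to 600000 milliseconds (10 minutes)" would be consistent; and the new `## Recommended Range for Ceremony Timeouts ##` heading is placed above the pre-existing WCAG paragraph, which now reads as the opening of this section even though it was written as the closing of the previous one, so check that the surrounding subsection still flows without it.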