Strictly speaking, "< 1024" and "not larger than 1024" are not equivalent.
1. Check that the <code>[=credentialId=]</code> is ≤ 1023 bytes. Credential IDs larger than this many bytes SHOULD cause the RP to fail this [=registration ceremony=].
And if I may (this is more subjective), I think it's worth eliminating the little indirection here. Not that it's a lot of cognitive load, but every bit helps.
1. Check that the <code>[=credentialId=]</code> is ≤ 1023 bytes long. Credential IDs larger than 1023 bytes SHOULD cause the RP to fail this [=registration ceremony=].
Strictly speaking, "< 1024" and "not larger than 1024" are not equivalent.
And if I may (this is more subjective), I think it's worth eliminating the little indirection here. Not that it's a lot of cognitive load, but every bit helps.
_Originally posted by @emlun in https://github.com/w3c/webauthn/pull/1664#discussion_r713335901_