diff --git a/index.bs b/index.bs
index 328d99631..041f52bf7 100644
--- a/index.bs
+++ b/index.bs
@@ -9840,6 +9840,76 @@ Harry Halpin
for their contributions as our W3C Team Contacts.
+# Revision History # {#revision-history}
+
+[INFORMATIVE]
+
+This section contains the substantive changes that have been made to this specification over time.
+
+## Changes since Web Authentication Level 2 [[webauthn-2-20210408]] ## {#changes-since-l2}
+
+### Substantive Changes ### {#changes-l3-substantive}
+
+The following changes were made to the [=Web Authentication API=] and the way it operates.
+
+Changes:
+
+- Updated timeout guidance: [[#sctn-timeout-recommended-range]]
+- `uvm` extension no longer included; see instead L2 [[webauthn-2-20210408]]
+- [=authData/attestedCredentialData/aaguid=] in [=attested credential data=] is no longer zeroed
+ when {{PublicKeyCredentialCreationOptions/attestation}} preference is {{AttestationConveyancePreference/none}}: [[#sctn-createCredential]]
+
+
+Deprecations:
+
+- Registration parameter
+ {{CredentialCreationOptions/publicKey}}.{{PublicKeyCredentialCreationOptions/rp}}.{{PublicKeyCredentialEntity/name}}:
+ [[#dictionary-pkcredentialentity]]
+- [[#sctn-android-safetynet-attestation]]
+
+
+New features:
+
+- New JSON (de)serialization methods:
+ - {{PublicKeyCredential/toJSON()}} method in [[#iface-pkcredential]]
+ - [[#sctn-parseCreationOptionsFromJSON]]
+ - [[#sctn-parseRequestOptionsFromJSON]]
+- Create operations in cross-origin iframes:
+ - [[#sctn-createCredential]]
+ - [[#sctn-iframe-guidance]]
+- Conditional mediation for create: [[#sctn-createCredential]]
+- Conditional mediation for get: [[#sctn-getAssertion]]
+- [[#sctn-getClientCapabilities]]
+ - [[#sctn-disclosing-client-capabilities]]
+- New enum value {{AuthenticatorTransport/hybrid}} in [[#enum-transport]].
+- [[#sctn-signal-methods]]
+- New [=client data=] attribute {{CollectedClientData/topOrigin}}: [[#dictionary-client-data]]
+- [[#enum-hints]]
+- [[#sctn-related-origins]]
+- [=Authenticator data=] flags [=authData/flags/BE=] and [=authData/flags/BS=] assigned:
+ - [[#sctn-authenticator-data]]
+ - [[#sctn-credential-backup]]
+ - [[#sctn-automation-set-credential-properties]]
+- [[#sctn-compound-attestation]]
+- [[#prf-extension]]
+
+
+### Editorial Changes ### {#changes-l3-editorial}
+
+The following changes were made to improve clarity, readability, navigability and similar aspects of the document.
+
+- Updated [[#sctn-use-cases]] to reflect developments in deployment landscape.
+- Introduced [=credential record=] concept to formalize what data [=[RPS]=] need to store
+ and how it relates between [=registration ceremony|registration=] and [=authentication ceremonies=].
+- Clarified error conditions:
+ - [[#sctn-create-request-exceptions]]
+ - [[#sctn-get-request-exceptions]]
+- [[#sctn-strings]] split into subsections [[#sctn-strings-truncation-client]] and [[#sctn-strings-truncation-authenticator]]
+ to clarify division of responsibilities.
+- Added [[#sctn-test-vectors]].
+- Moved normative language outside of "note" blocks.
+
+
{