fixup! Fix and un-Note note about constraints on credential ID length…

…/format

index.bs

@@ -1703,7 +1703,7 @@ that are returned to the caller when a new credential is created, or a new asser
         with high probability across all credentials of the same type, across all authenticators.
 
         This API does not constrain the format of this identifier,
-        except that it MUST be no longer than 1023 bytes and MUST be sufficient for the [=authenticator=] to uniquely select a key.
+        except that it MUST NOT be longer than 1023 bytes and MUST be sufficient for the [=authenticator=] to uniquely select a key.
         For example, an authenticator without on-board storage may create identifiers containing a [=credential private key=]
         wrapped with a symmetric key that is burned into the authenticator.