diff --git a/index.bs b/index.bs index 4178af162..b6afc8b73 100644 --- a/index.bs +++ b/index.bs 
@@ -7580,6 +7580,61 @@ To Create a new supplemental public key record, perform t [=set/append=] this [=supplemental public key record=] to |credentialRecord|.[$credential record/supplementalPubKeys$]. +### User verification caching extension (userVerificationCaching) ### {#sctn-user-verification-caching-extension} + +In some cases it is good enough for the [=[RP]=] to know whether the user was verified by the authenticator "recently". + +This extension allows the [=[RP]=] to specify such [=user verification=] caching time, i.e. the time for which the [=user verification=] status can be "cached" by the [=authenticator=]. + +For example: Do not ask the user for a fresh [=user verification=] for sign-in if the user was verified by this authenticator within the past 300 seconds. + +: Extension identifier +:: `userVerificationCaching` + +: Operation applicability +:: [=authentication extension|authentication=] + +: Client extension input +:: The maxTimeSinceLastUV denotes the maximum acceptable number of milliseconds elapsed since the last time the user was successfully verified. + + partial dictionary AuthenticationExtensionsClientInputs { + unsigned long long maxTimeSinceLastUV; + }; + + +: Client extension processing +:: None, except creating the [=authenticator extension input=] from the client extension input. + +: Client extension output +:: Returns the number of milliseconds elapsed since the last time the user was successfully verified as returned by the [=authenticator=]. + + partial dictionary AuthenticationExtensionsClientOutputs { + unsigned long long timeSinceLastUV; + }; + + +: Authenticator extension input +:: The maximum acceptable time in milliseconds elapsed since last user verification, encoded in CBOR. 
+ + ``` + $$extensionInput //= ( + mtslUV: uint .size 4 + ) + ``` + +: Authenticator extension processing +:: When user verification is requested, the [=authenticator=] triggers user verification only if more milliseconds have elapsed since the last time the user was verified than indicated by the maxTimeSinceLastUV value in the extension. + +: Authenticator extension output +:: If no fresh user verification needed to be triggered triggered, the authenticator reports the time last last user verification time back to the [=[RP]=] to ensure the [=[RP]=] is aware that no fresh user verification was triggered. It is up to the authenticator to decide whether to return the real elapsed time, or a "rounded" value. If user verification was requested, this value SHALL not exceed the value originally provided in the extension input. + + ``` + $$extensionOutput //= ( + tslUV: uint .size 4 + ) + ``` + + # User Agent Automation # {#sctn-automation} For the purposes of user agent automation and [=web application=] testing, this document defines a number of [[WebDriver]] [=extension commands=].
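Review bot: In the Client extension input and Authenticator extension input entries, `maxTimeSinceLastUV` is declared as `unsigned long long` while the CBOR field is `mtslUV: uint .size 4`, and Client extension processing is "None, except creating the authenticator extension input", so nothing defines what the client does with a value that does not fit in 4 bytes. Suggest either declaring the IDL members as `unsigned long` (`timeSinceLastUV` is likewise wider than `tslUV`) or adding a client processing step that rejects or clamps out-of-range input, and stating explicitly that `maxTimeSinceLastUV` maps to `mtslUV` and `tslUV` maps to `timeSinceLastUV`. In Authenticator extension output, the text covers only the case where no fresh user verification was triggered: it does not say what, if anything, is returned when fresh verification was performed, nor how the user verification result is reported when a cached verification is relied on, and the RP needs both to tell the two cases apart. The sentence allowing a "rounded" value should also require that rounding never understates the elapsed time, since the RP's freshness decision depends on it. Editorial: "SHALL not" should be "SHALL NOT", and "triggered triggered" and "the time last last user verification time" need fixing.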