fix typo & more wording from luca

author: Matthew Hodgson <matthew@matrix.org> 2019-06-20 00:21:47 +0100
committer: Matthew Hodgson <matthew@matrix.org> 2019-06-20 00:21:47 +0100
commit: cfd1450b0e93585b254c10c6a9d896954f6e7bd1 (patch)
tree: 27b98c4e1dbb0d86c03cb657d22ef194657b13f9 /docs
parent: 27f5c25fe855300c4af70b13088708214af6d232 (diff)
1 files changed, 4 insertions, 4 deletions
diff --git a/docs/megolm.md b/docs/megolm.md
index 58ea10b..ec98001 100644
--- a/docs/megolm.md
+++ b/docs/megolm.md
@@ -276,8 +276,8 @@ messages are still secret.
 
 By itself, Megolm does not possess this property: once the key to a Megolm
 session is compromised, the attacker can decrypt any message that was
-encrypted using a key derived from the compromised key or any following
-ratchet values.
+encrypted using a key derived from the compromised or subsequent ratchet
+values.
 
 In order to mitigate this, the application should ensure that Megolm sessions
 are not used indefinitely. Instead it should periodically start a new session,
@@ -298,8 +298,8 @@ In Megolm, each recipient maintains a record of the ratchet value which allows
 them to decrypt any messages sent in the session after the corresponding point
 in the conversation. If this value is compromised, an attacker can similarly
 decrypt past messages which were encrypted by a key derived from the
-compromised key or any following ratchet values. This gives 'partial'
-forrward secrecy.
+compromised or subsequent ratchet values. This gives 'partial' forward
+secrecy.
 
 To mitigate this issue, the application should offer the user the option to
 discard historical conversations, by winding forward any stored ratchet values,
author	Matthew Hodgson <matthew@matrix.org>	2019-06-20 00:21:47 +0100
committer	Matthew Hodgson <matthew@matrix.org>	2019-06-20 00:21:47 +0100
commit	cfd1450b0e93585b254c10c6a9d896954f6e7bd1 (patch)
tree	27b98c4e1dbb0d86c03cb657d22ef194657b13f9 /docs
parent	27f5c25fe855300c4af70b13088708214af6d232 (diff)