diff --git a/journal/20210331-sshfp-and-the-tofu-issue.gmi b/journal/20210331-sshfp-and-the-tofu-issue.gmi index 7565356..8e59104 100644 --- a/journal/20210331-sshfp-and-the-tofu-issue.gmi +++ b/journal/20210331-sshfp-and-the-tofu-issue.gmi @@ -1,6 +1,6 @@ # SSHFP and the TOFU Issue -When a user connects to an unknown ssh server for the first time they are presented with the host key fingerprint for that server and recommended to confirm that this host key is correct. The expectation is that a user will look out-of-bounds for that, by making a phone call, sending an email, looking something up online, etc. It's often ignored, but for that do it often results in looking on a website for the fingerprint in a footer or about page. +When a user connects to an unknown ssh server for the first time they are presented with the host key fingerprint for that server and recommended to confirm that this host key is correct. The expectation is that a user will look out-of-bounds for that, by making a phone call, sending an email, looking something up online, etc. It's often ignored, but those who do it often end up looking on a website for the fingerprint in a footer or about page. A few months back I speculated that it would be better to store this fingerprint in a DNS txt record than on a website that's most likely hosted on the same server you're logging into. If that server were compromised or hijacked it would be trivial for the bad actor to update the fingerprint on the website since they now control that too. It would be much harder, though, to compromise the DNS entries at the same time as the server.
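Review bot: The rewritten paragraph (the `+` line) still carries over "look out-of-bounds" from the old text; the term for checking a fingerprint over a separate channel is "out-of-band", so I'd suggest "The expectation is that a user will verify it out-of-band, by making a phone call, sending an email, ...". In the sentence this change fixes, "It's often ignored, but those who do it" uses "it" for two different things (the recommendation and the act of checking); "This step is often ignored, but those who do check often end up looking on a website ..." reads more clearly. Since the paragraph is being touched anyway, "ssh server" could also become "SSH server" to match the capitalised "SSHFP" in the title.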