Addresses cabforum#240. Things are signed using private, not public k…

…eys.
dzacharo · Jan 10, 2022 · f7d956c · f7d956c
1 parent 6fea1a6
commit f7d956c
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/docs/BR.md b/docs/BR.md
@@ -2626,7 +2626,7 @@ This appendix defines permissible verification procedures for including one or m
 
       **Note**: This section does not override or supersede any provisions specified within the respective methods. The CA MUST only use a method if it is still permitted within that section and MUST NOT issue Wildcard Certificates or use it as an Authorization Domain Name, except as specified by that method.
 
-   b. The CA MAY verify the Applicant's control over the .onion service by having the Applicant provide a Certificate Request signed using the .onion public key if the Attributes section of the certificationRequestInfo contains:
+   b. The CA MAY verify the Applicant's control over the .onion service by having the Applicant provide a Certificate Request signed using the .onion private key if the Attributes section of the certificationRequestInfo contains:
 
       i. A caSigningNonce attribute that contains a Random Value that is generated by the CA; and
       ii. An applicantSigningNonce attribute that contains a single value with at least 64-bits of entropy that is generated by the Applicant.