From d7f6ceb429cc3000a185df7c44946997993c8423 Mon Sep 17 00:00:00 2001 From: Sean Eulenberg Date: Thu, 24 Mar 2022 09:28:47 +0100 Subject: [PATCH] Fix a typo Fix a typo --- doc/DESIGN.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/DESIGN.md b/doc/DESIGN.md index dd671be..2a62751 100644 --- a/doc/DESIGN.md +++ b/doc/DESIGN.md @@ -30,7 +30,7 @@ So taking a commmand such as: The `trezor-agent` will take the `user`@`fqdn.com`; canonicalise it (e.g. to add the ssh default port number if none was specified) and then apply some simple hashing (See [SLIP-0013 : Authentication using deterministic hierarchy][2]). The resulting 128bit hash is then used to construct a lead 'HD node' that contains an extened public private *child* key. -This way they keypair is specific to the server/hostname/port and protocol combination used. And it is this private key that is used to sign the nonce passed by the SSH server (as opposed to the master key). +This way the keypair is specific to the server/hostname/port and protocol combination used. And it is this private key that is used to sign the nonce passed by the SSH server (as opposed to the master key). The `trezor-agent` then instructs SSH to connect to the server. It will then engage in the normal challenge response process, ask the hardware wallet to blindly sign any nonce flashed by the server with the derived child private key and return this to the server. It then hands over to normal SSH for the rest of the logged in session.
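Review bot: the unchanged context line directly above the changed line still reads "extened public private *child* key", which should be "extended", and the text quoted in the `@@` header has "commmand"; since this commit only fixes typos in doc/DESIGN.md, consider folding both into the same patch. In that same context line, "lead 'HD node'" may be meant as "leaf" and is worth confirming with the author before changing. The subject "Fix a typo" is repeated verbatim as the body; naming the file and the word corrected ("they keypair" to "the keypair") would make the log entry more useful.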