author Nikos Mavrogiannopoulos <nmav@gnutls.org> 2012-02-10 10:35:29 +0100
committer Nikos Mavrogiannopoulos <nmav@gnutls.org> 2012-02-10 10:35:29 +0100
commit 309f04b111bcb507f6abed9669185fe1de66787f
tree c01bc96bb95aa77e2bca46bfae87e314e33c050b /doc/cha-cert-auth.texi
parent 2fe123a63342125ac101df5ce5ab978dc5e3ed36
Removed the application field and added an expiration field.
Diffstat (limited to 'doc/cha-cert-auth.texi')
-rw-r--r-- doc/cha-cert-auth.texi 13
1 files changed, 7 insertions, 6 deletions
diff --git a/doc/cha-cert-auth.texi b/doc/cha-cert-auth.texi
index 7fb41a60dd..a2656ad94d 100644
--- a/doc/cha-cert-auth.texi
+++ b/doc/cha-cert-auth.texi
@@ -87,7 +87,7 @@ acceptable. The framework is illustrated on @ref{fig:x509}.
* X.509 distinguished names::
* Verifying X.509 certificate paths::
* Verifying a certificate in the context of TLS session::
-* Verifying a certificate using SSH-style authentication::
+* Verifying a certificate using trust on first use authentication::
@end menu
@node X.509 certificate structure
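Review bot: Renaming the menu entry changes the node name that cross-references resolve against, so any @ref or @xref elsewhere in the manual that still points at "Verifying a certificate using SSH-style authentication" will stop resolving. The diffstat shown here is limited to this one file, so please confirm the other .texi files were checked for the old name. As a style point, "trust on first use" is used as a compound modifier in the new title and would read more clearly hyphenated ("trust-on-first-use authentication"), applied consistently to the menu entry, the @node line and the @subsection line.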
@@ -277,15 +277,16 @@ about the peer's identity. It is required to verify if the
certificate's owner is the one you expect. For more information
consult @xcite{RFC2818} and section @ref{ex:verify} for an example.
-@node Verifying a certificate using SSH-style authentication
-@subsection Verifying a certificate using SSH-style authentication
+@node Verifying a certificate using trust on first use authentication
+@subsection Verifying a certificate using trust on first use authentication
@cindex verifying certificate paths
@cindex SSH-style authentication
+@cindex Trust on first use
@tindex gnutls_certificate_verify_flags
-It is possible to use an SSH-style authentication method in GnuTLS.
-That means that having seen and associated a public key with a host
-is enough to trust it on the subsequent connections.
+It is possible to use a trust on first use (similar to SSH) authentication
+method in GnuTLS. That means that having seen and associated a public key
+with a host is enough to trust it on the subsequent connections.
A hybrid system with X.509 and SSH authentication is
shown in @ref{Simple client example with SSH-style certificate verification}.
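Review bot: The two unchanged lines at the end of this hunk still say "X.509 and SSH authentication" and reference "Simple client example with SSH-style certificate verification", so the renamed section now mixes both terms; either rename that example node in the same commit or reword the sentence so the reader can tell the two names mean the same mechanism. The first @cindex entry, "verifying certificate paths", also looks carried over from the preceding section and will send index readers here for path validation, which this section does not cover. On content, the rewritten paragraph says that having seen a key once "is enough to trust it on the subsequent connections" but does not say what the application should do when the stored key and the presented key differ, nor that the first connection is accepted without any verification. The commit message mentions a new expiration field, yet nothing in this text explains how expiry affects a stored association; a sentence on each of these would make the section usable as security guidance.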