nit: typo

sgx-bootstrap/attestation/README.md

@@ -203,7 +203,7 @@ For remote attestation, both symmetric and asymmetric key systems are used. The
 
 1. At first, the ISV enclave sends out an initial request to the remote service provider, which includes the **EPID group** the platform claims to currently be a member of.
 2. If the service provider wishes to serve members of the claimed group, it may proceed by requesting an updated **SigRL** from the IAS.
-3. he service provider then constructs a **challenge message** that consists its SPID, a liveliness random nonce, the updated SigRL and an optional basename parameter \(if a pseudonym signature is required\).
+3. The service provider then constructs a **challenge message** that consists its SPID, a liveliness random nonce, the updated SigRL and an optional basename parameter \(if a pseudonym signature is required\).
 4. If the enclave supports the requested signature mode, it invokes the `EREPORT` instruction to create a locally verifiable report addressed to platform’s QE. In order to establish an authenticated secure channel between the enclave and the service provider, a **freshly generated ephemeral public key** may be added to the report’s user data field. The report and SP’s challenge are sent to QE.
 5. _\(Local Attestation happens here\)_ The QE calls `EGETKEY` to obtain the `REPORT KEY` and verifies the report. If successful, QE calls `EGETKEY` again to receive platform’s Provisioning Seal Key to decrypt platform’s remote attestation key \(EPID private key\). The attestation key is first used to produce an identity signature by either signing the challenged basename or a random value, according to the attestation mode requested.
 6. The attestation key is then used to compute two signatures of knowledge over the platform’s identity signature `MRENCLAVE`. **The first** proves the identity signature was signed with a key certified by Intel. **The second** is a non-revoked proof that proves the key used for the identity signature does not create any of the identity signatures listed in the challenged SigRL. A final `QUOTE` is then generated and encrypted using IAS’s public key, which is hardcoded in QE, and the result is sent back to the attesting enclave. The `QUOTE` holds the identity of the attesting enclave, execution mode details \(e.g. SVN level\) and additional data.