@@ -107,9 +107,9 @@ If the adversary did not intercept the prior exchange of long-term public keys a
### 2.4 Proof of Ownership
The master key depends on both peers' long-term and ephemeral public keys, as well as on shared secrets that can only be derived by the owners of those keys. Each peer sends a message authentication code to prove that it has derived the correct master key, which in turn proves that it owns the long-term and ephemeral public keys received by the other peer, and has received the long-term and ephemeral public keys sent by the other peer.
The master key depends on both peers' long-term and ephemeral public keys, as well as on shared secrets that can only be derived by the owners of those keys. Each peer sends proof that it has derived the correct master key, which in turn proves that it owns the long-term and ephemeral public keys received by the other peer, and has received the long-term and ephemeral public keys sent by the other peer.
Each peer calculates its own message authentication code and the code it expects to receive from the other peer. If the code received from the other peer differs from the expected code then the peer must abort the protocol.
Each peer calculates its own proof and the proof it expects to receive from the other peer. If the proof received from the other peer differs from the expected proof then the peer must abort the protocol.
