From 14e87374d897443c624bb69f00b38db35721733f Mon Sep 17 00:00:00 2001
From: Mygod <mygodstudio@gmail.com>
Date: Wed, 11 Jan 2017 23:46:43 +0800
Subject: [PATCH] Refine doc for OTA

---
 src/content/en/spec/03-one-time-auth.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/content/en/spec/03-one-time-auth.md b/src/content/en/spec/03-one-time-auth.md
index 3496ebed..8ab4fdf9 100644
--- a/src/content/en/spec/03-one-time-auth.md
+++ b/src/content/en/spec/03-one-time-auth.md
@@ -1,4 +1,4 @@
-One-time authentication (shortened as _OTA_) is a new experimental feature designed to improve the security against [CCA](https://en.wikipedia.org/wiki/Chosen-ciphertext_attack). You should understand the [protocol](protocol.html) before reading this document.
+One-time authentication (shortened as _OTA_) is a feature designed to protect encryption against tampering and therefore become IND-CCA2-secure ([proof](https://pdfs.semanticscholar.org/3d3a/a72c6b95a9efdcbe9b4e42c0a9006f8d2d42.pdf)). You should understand the [protocol](protocol.html) before reading this document.
 
 By default, the server that supports OTA should run in the compatible mode. OTA is only applied if the client's request header has a flag set. However, if the server switch on OTA explicitly, all clients must switch on OTA, otherwise connections will be denied.