diff --git a/docs/docs/architecture/attestation.md b/docs/docs/architecture/attestation.md
index 5693c88b6..3c1f40cfd 100644
--- a/docs/docs/architecture/attestation.md
+++ b/docs/docs/architecture/attestation.md
@@ -361,7 +361,7 @@ When a cluster is [created](../workflows/create.md), the CLI automatically verif
 2. The first node sends the [master secret](../architecture/keys.md#master-secret) of the to-be-created cluster to the CLI. The master secret is generated by the first node. 
 3. The first node sends a [kubeconfig file](https://www.redhat.com/sysadmin/kubeconfig) with Kubernetes credentials to the CLI.
 
-After this, the aTLS connection is closed. All subsequent interactions between the CLI and the cluster go via the [Kubernetes API](https://kubernetes.io/docs/concepts/overview/kubernetes-api/) server running inside the cluster. The CLI (and other tools like kubectl) use the credentials referenced by the kubeconfig file to authenticate themselves towards the Kubernetes API server and to establish a TLS connection.
+After this, the aTLS connection is closed. All subsequent interactions between the CLI and the cluster go via the [Kubernetes API](https://kubernetes.io/docs/concepts/overview/kubernetes-api/) server running inside the cluster. The CLI (and other tools like kubectl) use the credentials referenced by the kubeconfig file to authenticate themselves towards the Kubernetes API server and to establish a mTLS connection.
 
 The first node bootstraps the Kubernetes cluster and provisions the cluster's JoinService with the runtime measurements received from the CLI. The JoinService verifies the runtime measurements of all subsequent nodes that join the cluster accordingly.