diff --git a/architecture/verifier/freshness.md b/architecture/verifier/freshness.md
index b94ba7d..7a3a2bd 100644
--- a/architecture/verifier/freshness.md
+++ b/architecture/verifier/freshness.md
@@ -2,7 +2,7 @@
 
 In order to prevent replay attacks, Veraison employs a two-stage
 challenge-response protocol for verification. First, a verification session is
-created, and a nonce for that session is established. The once is used as a
+created, and a nonce for that session is established. The nonce is used as a
 challenge when generating the attestation report/token which is presented in
 the second stage that results in a signed attestation result produced by the
 verifier.