Commit 3f7f84b

Apply suggestions from code review
Co-authored-by: Rebecca Tamachiro <[email protected]>
1 parent 5290b54 commit 3f7f84b

5 files changed

+13
-13
lines changed

src/content/docs/learning-paths/mtls/concepts/benefits.mdx

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -5,11 +5,11 @@ sidebar:
55
order: 2
66
---
77

8-
- **Stronger Authentication**: mTLS ensures mutual verification between the client and server, confirming that both parties are who they claim to be. This two-way authentication mechanism prevents impersonation and man-in-the-middle attacks, significantly enhancing the overall security.
8+
- **Stronger authentication**: mTLS ensures mutual verification between the client and server, confirming that both parties are who they claim to be. This two-way authentication mechanism prevents impersonation and man-in-the-middle attacks, significantly enhancing the overall security.
99

10-
- **End-to-End Encryption**: All communication between the client and server is encrypted, providing robust protection against eavesdropping and interception. Even if the data is captured by unauthorized parties, it remains secure and unreadable due to encryption.
10+
- **End-to-end encryption**: All communication between the client and server is encrypted, providing robust protection against eavesdropping and interception. Even if the data is captured by unauthorized parties, it remains secure and unreadable due to encryption.
1111

12-
- **Preserved Data Integrity**: mTLS ensures that data remains unaltered during transit. The protocol verifies the integrity of transmitted information, protecting it from tampering or manipulation by malicious actors, ensuring the data's authenticity.
12+
- **Preserved data integrity**: mTLS ensures that data remains unaltered during transit. The protocol verifies the integrity of transmitted information, protecting it from tampering or manipulation by malicious actors, ensuring the data's authenticity.
1313

14-
- **Defense Against Insider Threats**: mTLS strengthens internal network security by adding protection against insider threats. Unlike traditional "castle-and-moat" networking, which trusts anything inside the perimeter, mTLS enforces mutual authentication, ensuring all internal communications are verified and secure.
14+
- **Defense against insider threats**: mTLS strengthens internal network security by adding protection against insider threats. Unlike traditional "castle-and-moat" networking, which trusts anything inside the perimeter, mTLS enforces mutual authentication, ensuring all internal communications are verified and secure.
1515

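Review bot: the sentence-case change across the four bullets is consistent and fine; the one wording issue left on line 10 is "it remains secure and unreadable due to encryption", which overstates the guarantee, since confidentiality depends on the negotiated cipher suite and on the session keys staying private. Suggest "it remains unreadable to anyone who does not hold the session keys", and a pointer to the cipher-suite guidance this learning path already carries under "Customize Cipher Suites".
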
src/content/docs/learning-paths/mtls/concepts/mtls-cloudflare.mdx

Lines changed: 3 additions & 3 deletions
@@ -5,11 +5,11 @@ sidebar:
55
order: 3
66
---
77

8-
In this implementation guide we will be focusing on the L7 / Application Layer security for HTTP/S requests targeting [proxied](/dns/manage-dns-records/reference/proxied-dns-records/) hostnames, including the [first connection](/ssl/origin-configuration/ssl-modes/) between client and Cloudflare. Use Cloudflare Public Key Infrastructure (PKI) to create Client Certificates.
8+
In this implementation guide we will be focusing on the L7 / Application Layer security for HTTP/S requests targeting [proxied](/dns/manage-dns-records/reference/proxied-dns-records/) hostnames, including the [first connection](/ssl/origin-configuration/ssl-modes/) between client and Cloudflare. Use Cloudflare Public Key Infrastructure (PKI) to create client certificates.
99

1010
Some common mTLS use cases are:
11-
- Protect and verify legitimate API traffic by verifying Client Certificates they provide during TLS/SSL handshakes.
12-
- Check IoT devices' identity by verifying Client Certificates they provide during TLS/SSL handshakes.
11+
- Protect and verify legitimate API traffic by verifying client certificates they provide during TLS/SSL handshakes.
12+
- Check IoT devices' identity by verifying client certificates they provide during TLS/SSL handshakes.
1313

1414
There are two main ways to use mTLS at Cloudflare, either by using the Application Security offering (optionally including [API Shield](/api-shield/)) or [Cloudflare Access](/cloudflare-one/policies/access/). Below is a non-exhaustive overview table of their differences:
1515

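Review bot: the closing sentence of line 8, "Use Cloudflare Public Key Infrastructure (PKI) to create client certificates.", is an imperative dropped into an otherwise descriptive paragraph and reads as if a step is missing; suggest the descriptive form "Client certificates are issued through Cloudflare's Public Key Infrastructure (PKI)" or moving it into the implementation steps. On the same line, "HTTP/S" would be clearer as "HTTP(S)".
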
src/content/docs/learning-paths/mtls/mtls-app-security/index.mdx

Lines changed: 2 additions & 2 deletions
@@ -15,8 +15,8 @@ By default, mTLS uses Client Certificates issued by a Cloudflare Managed CA. Clo
1515

1616
## 1. Enable mTLS
1717

18-
1. Go to your Cloudflare dashboard and select your account.
19-
2. Select **SSL/TLS** > **[Client Certificates](/ssl/client-certificates/)** tab and add the Hosts (hostnames) you want to [enable mTLS](/ssl/client-certificates/enable-mtls/) for.
18+
1. Go to your Cloudflare dashboard and select your account and domain.
19+
2. Go to **SSL/TLS** > **[Client Certificates](/ssl/client-certificates/)** tab and select **Edit** to add the Hosts (hostnames) you want to [enable mTLS](/ssl/client-certificates/enable-mtls/) for.
2020

2121
Example host: `mtls-test.example.com`
2222

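Review bot: the unchanged context in the hunk header (line 15, "By default, mTLS uses Client Certificates issued by a Cloudflare Managed CA") still uses the title-case form that this commit lowercases in benefits.mdx and mtls-cloudflare.mdx; it should be changed to "client certificates" in the same pass. In step 2, "**SSL/TLS** > **[Client Certificates]** tab" mixes a menu path with the word "tab"; "Go to **SSL/TLS** > **Client Certificates** and select **Edit** to add the hosts ..." reads more cleanly.
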
src/content/docs/learning-paths/mtls/mtls-app-security/related-features.mdx

Lines changed: 3 additions & 3 deletions
@@ -37,7 +37,7 @@ There are multiple ways to [forward a client certificate](/ssl/client-certificat
3737

3838
## Bring your own CA for mTLS
3939

40-
If you already have mTLS implemented, client certificates are already installed on devices, and therefore you'd like to use your own Certificate Authority (CA), this is possible by b[ringing your own CA for mTLS](/ssl/client-certificates/byo-ca/).
40+
If you already have mTLS implemented, client certificates are already installed on devices, and therefore you'd like to use your own Certificate Authority (CA), this is possible by [bringing your own CA for mTLS](/ssl/client-certificates/byo-ca/).
4141

4242
Here you can use the [Replace Hostname Associations API endpoint](/api/operations/client-certificate-for-a-zone-put-hostname-associations) to enable mTLS in each hostname that should use the CA for mTLS validation, essentially associating your CAs specific with hostnames.
4343

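Review bot: the link fix on line 40 is correct, but the trailing context on line 42 still has a word-order error, "associating your CAs specific with hostnames"; suggest "associating your specific CAs with hostnames" (or "associating each CA with specific hostnames"). On the same line, "enable mTLS in each hostname" should be "enable mTLS for each hostname".
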
@@ -53,7 +53,7 @@ Some of the most used methods are [embedding](/ssl/client-certificates/configure
5353

5454
Issuing a certificate is an important step, so if possible, perform thorough client verification.
5555

56-
You can also leverage Service Mesh, where in complex microservices environments, use those to automate and enforce mTLS at scale. For example, Cloudflare services can handle external traffic security, while Service Mesh technologies enforce mTLS for east-west traffic within your network. This ensures that external traffic is secured by Cloudflare, while internal microservice communication is protected using mTLS via the Service Mesh.
56+
In complex microservices environments, you can leverage Service Mesh to automate and enforce mTLS at scale. For example, Cloudflare services can handle external traffic security, while Service Mesh technologies enforce mTLS for east-west traffic within your network. This ensures that external traffic is secured by Cloudflare, while internal microservice communication is protected using mTLS via the Service Mesh.
5757

5858
## Customize Cipher Suites
5959

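Review bot: the reordered line 56 reads well, but "Service Mesh" is capitalised as a proper noun three times while the rest of this commit moves the page to sentence case; the common-noun form "service mesh" fits better. The second and third sentences also make the same point twice (Cloudflare secures external traffic, the mesh secures east-west traffic), so one of them could be dropped without losing anything.
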
@@ -66,7 +66,7 @@ The recommended TLS versions for mTLS are:
6666
Using outdated versions like TLS 1.0 or 1.1 is not recommended due to known vulnerabilities.
6767

6868
:::note
69-
For modern mTLS implementations, Elliptic Curve Cryptography (EC) and [modern Cipher Suites](/ssl/edge-certificates/additional-options/cipher-suites/supported-cipher-suites/) are recommended because it offers faster handshakes and better performance, uses smaller key sizes result in reduced computational overhead while maintaining strong security, and EC is more scalable for large-scale deployments, such as in cloud-native applications, microservices, and mobile networks. RSA is only recommended if you have legacy systems that cannot support EC or if you require compatibility with systems that only work with RSA.
69+
For modern mTLS implementations, Elliptic Curve Cryptography (EC) and [modern cipher suites](/ssl/edge-certificates/additional-options/cipher-suites/supported-cipher-suites/) are recommended because it offers faster handshakes and better performance, uses smaller key sizes which result in reduced computational overhead while maintaining strong security, and EC is more scalable for large-scale deployments, such as in cloud-native applications, microservices, and mobile networks. RSA is only recommended if you have legacy systems that cannot support EC or if you require compatibility with systems that only work with RSA.
7070
:::
7171

7272
## TLS Session Resumption

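Review bot: line 69 still has a subject-verb mismatch: "Elliptic Curve Cryptography (EC) and modern cipher suites are recommended because it offers ..." pairs a plural subject with "it". The cleanest fix is to split the run-on into a short list: EC offers faster handshakes and better performance; its smaller key sizes reduce computational overhead while maintaining strong security; it scales better for cloud-native applications, microservices and mobile networks. The added "which" after "smaller key sizes" helps, but the sentence as a whole is still hard to follow.
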
src/content/docs/learning-paths/mtls/mtls-cloudflare-access/index.mdx

Lines changed: 1 addition & 1 deletion
@@ -9,7 +9,7 @@ sidebar:
99
This requires an active Enterprise [Account](/fundamentals/setup/accounts-and-zones/#accounts) with Cloudflare Access enabled.
1010
:::
1111

12-
Using [mTLS](/cloudflare-one/identity/devices/access-integrations/mutual-tls-authentication/) with [Cloudflare Access](/cloudflare-one/policies/access/) is useful for use cases where the customer:
12+
Setting up [mTLS](/cloudflare-one/identity/devices/access-integrations/mutual-tls-authentication/) with [Cloudflare Access](/cloudflare-one/policies/access/) can help in cases where the customer:
1313

1414
- Already has existing Client Certificates on devices.
1515
- Needs to protect Access applications with Bring Your Own CA (BYOCA).

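Review bot: the trailing context on line 14, "Already has existing Client Certificates on devices.", keeps the title-case form that this commit lowercases in benefits.mdx, mtls-cloudflare.mdx and the app-security index; change it to "client certificates" here as well. The rewritten line 12 is an improvement over the original.
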