We police, improve hyperlinks text, and other text refinements

Author: RebeccaTamachiro

src/content/docs/ssl/keyless-ssl/configuration/public-dns.mdx

@@ -74,4 +74,4 @@ To create a Keyless certificate with the API, send a [`POST`](/api/operations/ke
 
 During TLS handshakes, Cloudflare's keyless client will initiate connections to the key server hostname or IP address you specify during certificate upload. By default, the keyless client will use a destination TCP port of 2407, but this can be changed during certificate upload or by editing the certificate details after upload.
 
-Create WAF custom rules that allow your key server to accept connections from only Cloudflare. We publish our IPv4 and IPv6 addresses [via our API](/api/operations/cloudflare-i-ps-cloudflare-ip-details).
+Create WAF custom rules that allow your key server to accept connections from only Cloudflare. You can get Cloudflare's IPv4 and IPv6 addresses via the [IP details API endpoint](/api/operations/cloudflare-i-ps-cloudflare-ip-details).

src/content/docs/ssl/keyless-ssl/hardware-security-modules/index.mdx

@@ -28,14 +28,14 @@ For more details on initializing your PKCS#11 token, refer to [Configuration](/s
 
 ### Compatibility
 
-We have verified interoperability with the following modules:
+Keyless SSL has interoperability with the following modules:
 
 * [Gemalto SafeNet Luna](https://cpl.thalesgroup.com/compliance/fips-common-criteria-validations)
 * [SoftHSMv2](https://github.com/opendnssec/SoftHSMv2)
 * [Entrust nShield Connect](https://www.entrust.com/digital-security/hsm)
 * [YubiKey Neo](https://www.yubico.com/product/yubikey-neo/)
 
-We’ve also tested with the following Cloud HSM offerings:
+Also, the following cloud HSM offerings have been tested with Keyless SSL:
 
 * [AWS CloudHSM](/ssl/keyless-ssl/hardware-security-modules/aws-cloud-hsm/)
 * [IBM Cloud HSM](/ssl/keyless-ssl/hardware-security-modules/ibm-cloud-hsm/)

src/content/docs/ssl/keyless-ssl/reference/high-availability.mdx

@@ -6,8 +6,8 @@ sidebar:
 
 ---
 
-The Cloudflare Keyless SSL server runs as a single binary with minimal dependencies and is designed to be robust and reliable. The network between your key server and Cloudflare may not be however, which could prevent new TLS connections.
+The Cloudflare Keyless SSL server runs as a single binary with minimal dependencies and is designed to be robust and reliable. However, the network between your key server and Cloudflare may not be, which could prevent new TLS connections.
 
 For this reason, we strongly recommend that you run at least two key servers in a high availability configuration behind a load balancer. Set up health checks for each key server on the configured TCP port—2407 by default and failover as necessary or round-robin between active (healthy) key servers.
 
-From a network availability and performance perspective, advertise the IP address of your key server from multiple data centers (an anycast setup) so the Cloudflare edge can route to the closest key server via BGP. When you use anycast routing, you can also safely take a data center offline to perform maintenance.
+From a network availability and performance perspective, advertise the IP address of your key server from multiple data centers (an anycast setup) so the Cloudflare global network can route to the closest key server via BGP. When you use anycast routing, you can also safely take a data center offline to perform maintenance.

src/content/docs/ssl/keyless-ssl/reference/keyless-delegation.mdx

@@ -6,7 +6,7 @@ sidebar:
 
 ---
 
-Keyless Delegation is [our implementation of the emerging delegated credentials standard](https://datatracker.ietf.org/doc/draft-ietf-tls-subcerts/). When you upload a certificate for use with Keyless that has the special extension permitting the use of delegated credentials, Cloudflare will automatically produce a delegated credential and use it at the edge with clients that support this feature. The handshakes will complete without the extra latency induced by reaching back to the Keyless Server, and there are [additional advantages to flexibility in algorithm choice](https://blog.cloudflare.com/keyless-delegation/).
+Keyless Delegation is Cloudflare's implementation of the emerging delegated credentials standard ([RFC 9345](https://www.rfc-editor.org/rfc/rfc9345.html)). When you upload a certificate for use with Keyless that has the special extension permitting the use of delegated credentials, Cloudflare will automatically produce a delegated credential and use it at the edge with clients that support this feature. The handshakes will complete without the extra latency induced by reaching back to the Keyless Server, and there are [additional advantages to flexibility in algorithm choice](https://blog.cloudflare.com/keyless-delegation/).
 
 Behind the scenes we periodically create delegated credentials and sign them via Keyless, through the same mechanism used to sign the Certificate Verify messages our servers send when using Keyless. These credentials have a short lifetime, ensuring that if you disable Keyless the credentials created will become invalid within 24 hours. Supporting clients validate the credential, and the server can use the key it generated to sign the response to the TLS handshake without the round trip.
 

src/content/docs/ssl/keyless-ssl/troubleshooting.mdx

@@ -82,9 +82,9 @@ You will need to either provide a certificate for only those hosts or change the
 
 ## Key servers on Windows
 
-We currently only provide packages for the supported GNU/Linux distributions as per [https://pkg.cloudflare.com/](https://pkg.cloudflare.com/).
+Cloudflare currently only provide packages for the supported GNU/Linux distributions as per the [Cloudflare package repository](https://pkg.cloudflare.com/).
 
-However, the key server is open source so you may attempt to build and deploy a binary, but running on Windows is not a supported configuration so you may experience problems that we will not be able to help with.
+However, the key server is open source so you may attempt to build and deploy a binary, but running on Windows is not a supported configuration so you may experience problems that Cloudflare will not be able to help with.
 
 ## Key server multi-domain support
 

src/content/docs/ssl/keyless-ssl/upgrading-your-key-server.mdx

@@ -23,7 +23,7 @@ To upgrade your key server:
 :::caution
 
 
-If you are running a [high availability configuration](/ssl/keyless-ssl/reference/high-availability/), upgrade one server at a time as new TLS connections will fail to terminate at Cloudflare's edge without a functioning key server.
+If you are running a [high availability configuration](/ssl/keyless-ssl/reference/high-availability/), upgrade one server at a time as new TLS connections will fail to terminate at Cloudflare's global network without a functioning key server.
 
 
 :::

src/content/partials/ssl/keyless-key-server-setup.mdx

@@ -14,7 +14,7 @@ If you plan to run Keyless SSL in a [high availability setup](/ssl/keyless-ssl/r
 
 ### Install
 
-These steps are also at [pkg.cloudflare.com](https://pkg.cloudflare.com/index.html).
+These steps are also at the [Cloudflare package repository](https://pkg.cloudflare.com/).
 
 #### Debian/Ubuntu packages