nit: Update references to draft-ietf-tls-subcerts.

Change-Id: Ica6ea6eaff1849c7ee42be671b22006fe3ee5ff4
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/35444
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: Adam Langley <agl@google.com>
diff --git a/ssl/internal.h b/ssl/internal.h
index a32122e..16b2866 100644
--- a/ssl/internal.h
+++ b/ssl/internal.h
@@ -1392,7 +1392,7 @@
   static UniquePtr<DC> Parse(CRYPTO_BUFFER *in, uint8_t *out_alert);
 
   // raw is the delegated credential encoded as specified in draft-ietf-tls-
-  // subcerts-02.
+  // subcerts-03.
   UniquePtr<CRYPTO_BUFFER> raw;
 
   // expected_cert_verify_algorithm is the signature scheme of the DC public
diff --git a/ssl/t1_lib.cc b/ssl/t1_lib.cc
index 3a08fe6..c0452dc 100644
--- a/ssl/t1_lib.cc
+++ b/ssl/t1_lib.cc
@@ -2717,7 +2717,7 @@
   assert(TLSEXT_TYPE_delegated_credential == 0xff02);
   // TODO: Check that the extension is empty.
   //
-  // As of draft-02, the client sends an empty extension in order indicate
+  // As of draft-03, the client sends an empty extension in order indicate
   // support for delegated credentials. This could change, however, since the
   // spec is not yet finalized. This assertion is here to remind us to enforce
   // this check once the extension ID is assigned.