AWS privateca medium security documentation change
Summary
Updated key and signing algorithm lists to include ML-DSA options
Security assessment
Documenting ML-DSA support aligns with security best practices for post-quantum cryptography, enhancing guidance for secure CA configurations.
Diff
diff --git a/privateca/latest/userguide/describe-CA.md b/privateca/latest/userguide/describe-CA.md index d5a7247cf..0b41c785c 100644 --- a//privateca/latest/userguide/describe-CA.md +++ b//privateca/latest/userguide/describe-CA.md @@ -73 +73 @@ You can use the ACM console or the AWS CLI to view detailed metadata about a pri - * **Key algorithm** – The public key algorithm supported by the CA. Possible values are **RSA 2048** , **RSA 3072** , **RSA 4096** , **ECDSA P256** , **ECDSA P384** , and **ECDSA P521**. + * **Key algorithm** – The public key algorithm supported by the CA. Possible values are **ML-DSA-44** , **ML-DSA-65** , **ML-DSA-87** , **RSA 2048** , **RSA 3072** , **RSA 4096** , **ECDSA P256** , **ECDSA P384** , and **ECDSA P521**. @@ -75 +75 @@ You can use the ACM console or the AWS CLI to view detailed metadata about a pri - * **Signing algorithm** – The algorithm that the CA uses to sign its own Certificate Signing Request, CRLs, and OCSP responses (Not to be confused with the `SigningAlgorithm` parameter used in the IssueCertificate API.) Possible values are **SHA256 ECDSA** , **SHA384 ECDSA** , **SHA512 ECDSA** , **SHA256 RSA** , **SHA384 RSA** , and **SHA512 RSA** + * **Signing algorithm** – The algorithm that the CA uses to sign its own Certificate Signing Request, CRLs, and OCSP responses (Not to be confused with the `SigningAlgorithm` parameter used in the IssueCertificate API.) Possible values are **ML-DSA-44** , **ML-DSA-65** , **ML-DSA-87** , **SHA256 RSA** , **SHA384 RSA** , and **SHA512 RSA** , **SHA256 ECDSA** , **SHA384 ECDSA** , **SHA512 ECDSA**