AWS Security ChangesHomeSearch

AWS privateca medium security documentation change

Service: privateca · 2025-11-13 · Security-related medium

File: privateca/latest/userguide/describe-CA.md

Summary

Updated key and signing algorithm lists to include ML-DSA options

Security assessment

Documenting ML-DSA support aligns with security best practices for post-quantum cryptography, enhancing guidance for secure CA configurations.

Diff

diff --git a/privateca/latest/userguide/describe-CA.md b/privateca/latest/userguide/describe-CA.md
index d5a7247cf..0b41c785c 100644
--- a//privateca/latest/userguide/describe-CA.md
+++ b//privateca/latest/userguide/describe-CA.md
@@ -73 +73 @@ You can use the ACM console or the AWS CLI to view detailed metadata about a pri
-     * **Key algorithm** – The public key algorithm supported by the CA. Possible values are **RSA 2048** , **RSA 3072** , **RSA 4096** , **ECDSA P256** , **ECDSA P384** , and **ECDSA P521**.
+     * **Key algorithm** – The public key algorithm supported by the CA. Possible values are **ML-DSA-44** , **ML-DSA-65** , **ML-DSA-87** , **RSA 2048** , **RSA 3072** , **RSA 4096** , **ECDSA P256** , **ECDSA P384** , and **ECDSA P521**.
@@ -75 +75 @@ You can use the ACM console or the AWS CLI to view detailed metadata about a pri
-     * **Signing algorithm** – The algorithm that the CA uses to sign its own Certificate Signing Request, CRLs, and OCSP responses (Not to be confused with the `SigningAlgorithm` parameter used in the IssueCertificate API.) Possible values are **SHA256 ECDSA** , **SHA384 ECDSA** , **SHA512 ECDSA** , **SHA256 RSA** , **SHA384 RSA** , and **SHA512 RSA**
+     * **Signing algorithm** – The algorithm that the CA uses to sign its own Certificate Signing Request, CRLs, and OCSP responses (Not to be confused with the `SigningAlgorithm` parameter used in the IssueCertificate API.) Possible values are **ML-DSA-44** , **ML-DSA-65** , **ML-DSA-87** , **SHA256 RSA** , **SHA384 RSA** , and **SHA512 RSA** , **SHA256 ECDSA** , **SHA384 ECDSA** , **SHA512 ECDSA**