AWS privateca documentation change
Summary
Added ML_DSA_44, ML_DSA_65, and ML_DSA_87 algorithms to supported key and signing algorithms for Certificate Authorities
Security assessment
The change introduces new cryptographic algorithms (ML_DSA variants) which appear to be security-related enhancements, but there's no explicit mention of addressing a specific vulnerability or security incident in the diff.
Diff
diff --git a/privateca/latest/userguide/list-CAs.md b/privateca/latest/userguide/list-CAs.md index 3e447c33b..c9413ce62 100644 --- a//privateca/latest/userguide/list-CAs.md +++ b//privateca/latest/userguide/list-CAs.md @@ -30 +30 @@ You can use the AWS Private CA console or AWS CLI to list private CAs that you o - * **Key algorithm** – The public key algorithm supported by the CA. Possible values are **RSA_2048** , **RSA_3072** , **RSA_4096** , **EC_prime256v1** , **EC_secp384r1** , and **EC_secp521r1**. + * **Key algorithm** – The public key algorithm supported by the CA. Possible values are **ML_DSA_44** , **ML_DSA_65** , **ML_DSA_87** , **RSA_2048** , **RSA_3072** , **RSA_4096** , **EC_prime256v1** , **EC_secp384r1** , and **EC_secp521r1**. @@ -32 +32 @@ You can use the AWS Private CA console or AWS CLI to list private CAs that you o - * **Signing algorithm** – The algorithm that the CA uses to sign certificate requests. (Not to be confused with the `SigningAlgorithm` parameter used to sign certificates when they are issued.) Possible values are **SHA256WITHECDSA** , **SHA384WITHECDSA** , **SHA512WITHECDSA** , **SHA256WITHRSA** , **SHA384WITHRSA** , and **SHA512WITHRSA**. + * **Signing algorithm** – The algorithm that the CA uses to sign certificate requests. (Not to be confused with the `SigningAlgorithm` parameter used to sign certificates when they are issued.) Possible values are **ML_DSA_44** , **ML_DSA_65** , **ML_DSA_87** , **SHA256WITHRSA** , **SHA384WITHRSA** , **SHA512WITHRSA** , **SHA256WITHECDSA** , **SHA384WITHECDSA** , and **SHA512WITHECDSA**.