AWS rolesanywhere documentation change
Summary
Added ML-DSA to list of supported signature validation algorithms
Security assessment
Expands documentation of supported cryptographic algorithms (security feature) but does not address a specific security vulnerability.
Diff
diff --git a/rolesanywhere/latest/userguide/trust-model.md b/rolesanywhere/latest/userguide/trust-model.md index 835d75797..7ed5f8720 100644 --- a//rolesanywhere/latest/userguide/trust-model.md +++ b//rolesanywhere/latest/userguide/trust-model.md @@ -66 +66 @@ For more information, see: -To authenticate a request for credentials, IAM Roles Anywhere validates the incoming signature by using the signature validation algorithm required by the key type of the certificate, for example RSA or ECDSA. After validating the signature, IAM Roles Anywhere checks that the certificate was issued by a certificate authority configured as a trust anchor in the account using algorithms defined by public key infrastructure X.509 (PKIX) standards. +To authenticate a request for credentials, IAM Roles Anywhere validates the incoming signature by using the signature validation algorithm required by the key type of the certificate, for example RSA, ECDSA or ML-DSA. After validating the signature, IAM Roles Anywhere checks that the certificate was issued by a certificate authority configured as a trust anchor in the account using algorithms defined by public key infrastructure X.509 (PKIX) standards.