AWS rolesanywhere medium security documentation change
Summary
Removed ML-DSA from certificate validation algorithms
Security assessment
Modifies trust model to exclude ML-DSA, affecting core authentication security. Completes removal of ML-DSA from trust chain.
Diff
diff --git a/rolesanywhere/latest/userguide/trust-model.md b/rolesanywhere/latest/userguide/trust-model.md index 7ed5f8720..835d75797 100644 --- a//rolesanywhere/latest/userguide/trust-model.md +++ b//rolesanywhere/latest/userguide/trust-model.md @@ -66 +66 @@ For more information, see: -To authenticate a request for credentials, IAM Roles Anywhere validates the incoming signature by using the signature validation algorithm required by the key type of the certificate, for example RSA, ECDSA or ML-DSA. After validating the signature, IAM Roles Anywhere checks that the certificate was issued by a certificate authority configured as a trust anchor in the account using algorithms defined by public key infrastructure X.509 (PKIX) standards. +To authenticate a request for credentials, IAM Roles Anywhere validates the incoming signature by using the signature validation algorithm required by the key type of the certificate, for example RSA or ECDSA. After validating the signature, IAM Roles Anywhere checks that the certificate was issued by a certificate authority configured as a trust anchor in the account using algorithms defined by public key infrastructure X.509 (PKIX) standards.