AWS acm documentation change
Summary
Added exception allowing removal of keyEncipherment Key Usage from ECDSA certificates during reimport to comply with RFC 5480.
Security assessment
This change adds documentation about an exception for ECDSA certificate reimports to align with RFC 5480 standards. It documents security-related certificate validation rules but doesn't indicate a security vulnerability. The change appears to be a documentation update to reflect technical standards compliance.
Diff
diff --git a/acm/latest/userguide/import-reimport.md b/acm/latest/userguide/import-reimport.md index 3eddacb7c..f0f4fdc28 100644 --- a//acm/latest/userguide/import-reimport.md +++ b//acm/latest/userguide/import-reimport.md @@ -18,0 +19,2 @@ The following conditions apply when you reimport a certificate: +**Exception:** You can remove the `keyEncipherment` Key Usage from ECDSA certificates. This accommodates [RFC 5480 Section 3](https://www.rfc-editor.org/rfc/rfc5480#section-3), which does not include `keyEncipherment` as a permitted Key Usage for ECDSA keys. +