AWS payment-cryptography documentation change
Summary
Updated service references from 'AWS Promotional Credit' to 'AWS Payment Cryptography', added 'How to use it' section, and fixed documentation links.
Security assessment
The changes enhance documentation for post-quantum TLS (PQTLS), a security feature protecting against future quantum computing threats. No vulnerability fix is indicated - only clarifications and link updates.
Diff
diff --git a/payment-cryptography/latest/userguide/pqtls.md b/payment-cryptography/latest/userguide/pqtls.md index 4525bbcdb..c3e6d7e88 100644 --- a//payment-cryptography/latest/userguide/pqtls.md +++ b//payment-cryptography/latest/userguide/pqtls.md @@ -7 +7 @@ -About post-quantum TLSAbout PQC +About post-quantum TLSHow to use itAbout PQC @@ -11 +11 @@ About post-quantum TLSAbout PQC -AWS Promotional Credit and many other services supports a hybrid post-quantum key exchange option for the Transport Layer Security (TLS) network encryption protocol. You can use this TLS option when you connect to API endpoints or when using the AWS SDKs. These optional hybrid post-quantum key exchange features are at least as secure as the TLS encryption we use today and are likely to provide additional long-term security benefits. +AWS Payment Cryptography and many other services supports a hybrid post-quantum key exchange option for the Transport Layer Security (TLS) network encryption protocol. You can use this TLS option when you connect to API endpoints or when using the AWS SDKs. These optional hybrid post-quantum key exchange features are at least as secure as the TLS encryption we use today and are likely to provide additional long-term security benefits. @@ -13 +13 @@ AWS Promotional Credit and many other services supports a hybrid post-quantum ke -The data that you send to enabled services is protected in transit by the encryption provided by a Transport Layer Security (TLS) connection. The classic cipher suites based on RSA and ECC that AWS Promotional Credit supports for TLS sessions make brute force attacks on the key exchange mechanisms infeasible with current technology. However, if large scale or cryptographically relevant quantum computers (CRQC) becomes practical in the future, the existing TLS key exchange mechanisms will be susceptible to these attacks. It is possible that adversaries may begin harvesting encrypted data now with the hope that they can decrypt it in the future (harvest now, decrypt later). If you’re developing applications that rely on the long-term confidentiality of the data passed over a TLS connection, you should consider a plan to migrate to post-quantum cryptography before large-scale quantum computers become available for use. AWS is working to prepare for this future, and we want you to be well-prepared, too. +The data that you send to enabled services is protected in transit by the encryption provided by a Transport Layer Security (TLS) connection. The classic cipher suites based on RSA and ECC that AWS Payment Cryptography supports for TLS sessions make brute force attacks on the key exchange mechanisms infeasible with current technology. However, if large scale or cryptographically relevant quantum computers (CRQC) becomes practical in the future, the existing TLS key exchange mechanisms will be susceptible to these attacks. It is possible that adversaries may begin harvesting encrypted data now with the hope that they can decrypt it in the future (harvest now, decrypt later). If you’re developing applications that rely on the long-term confidentiality of the data passed over a TLS connection, you should consider a plan to migrate to post-quantum cryptography before large-scale quantum computers become available for use. AWS is working to prepare for this future, and we want you to be well-prepared, too. @@ -19 +19 @@ To protect data encrypted today against potential future attacks, AWS is partici -These hybrid cipher suites are available for use on your production workloads when using recent versions of the AWS SDKs. For more information about how to enable/disable this behavior, please see [Enabling hybrid post-quantum TLS](./pqtls-details.html) +These hybrid cipher suites are available for use on your production workloads when using recent versions of the AWS SDKs. For more information about how to enable/disable this behavior, please see [Enabling hybrid post-quantum TLS](https://docs.aws.amazon.com/sdkref/latest/guide/pqc-tls-sdks.html). @@ -26,0 +27,4 @@ The algorithms that AWS uses are a _hybrid_ that combines [Elliptic Curve Diffie +## How to use it + +For information about enabling hybrid post-quantum TLS in the AWS SDKs, see [Enabling hybrid post-quantum TLS](https://docs.aws.amazon.com/sdkref/latest/guide/pqtls-details.html). +