AWS prescriptive-guidance documentation change
Summary
Updated breadcrumb link, revised AWS-LC library description, and modified cryptographic algorithm table entries for key agreement and signatures
Security assessment
Changes involve clarifications and table formatting updates without addressing vulnerabilities. Algorithm modifications appear to be documentation corrections (e.g., separating ECDSA curves) rather than security fixes. No CVE or vulnerability references present.
Diff
diff --git a/prescriptive-guidance/latest/encryption-best-practices/aws-cryptography-services.md b/prescriptive-guidance/latest/encryption-best-practices/aws-cryptography-services.md index 5dd67864f..d6d035e72 100644 --- a//prescriptive-guidance/latest/encryption-best-practices/aws-cryptography-services.md +++ b//prescriptive-guidance/latest/encryption-best-practices/aws-cryptography-services.md @@ -5 +5 @@ -[Documentation](/index.html)[AWS Prescriptive Guidance](https://aws.amazon.com/prescriptive-guidance/)[Encryption best practices and features for AWS services](welcome.html) +[Documentation](/index.html)[AWS Prescriptive Guidance](https://aws.amazon.com/prescriptive-guidance/)[Encryption best practices and features for AWS services](introduction.html) @@ -19 +19 @@ AWS follows the [shared responsibility model](https://aws.amazon.com/compliance/ -AWS defaults to high-assurance cryptographic implementations and prefers hardware-optimized solutions that are efficient. Our cryptographic core library, [AWS-LC](https://github.com/aws/aws-lc), is available as open source for transparency and industry-wide reuse. Many cryptographic algorithm implementations in AWS-LC are formally verified to increase assurance of the correctness and security of the implementation in several different platforms. The library is also validated under NIST's FIPS-140 program. +AWS defaults to high-assurance cryptographic implementations and prefers hardware-optimized solutions that are efficient. Our cryptographic core library, [AWS-LC](https://github.com/aws/aws-lc), is available as open source for transparency and industry-wide reuse. The recommended cryptographic algorithms in AWS-LC are formally verified for correctness, and the library is validated under NIST's FIPS-140 program. @@ -58 +58 @@ Key agreement | ML-KEM-768 or ML-KEM-1024 | Preferred (quantum-resistant) -Key agreement | ECDH(E) with P-256, P-384, P-521, or X25519 | Acceptable +Key agreement| ECDSA with P-256, P-384, P-521, or Ed25519| Acceptable @@ -62 +62,2 @@ Signatures | SLH-DSA | Acceptable (quantum-resistant) -Signatures | ECDSA with P-256, P-384, P-521, or Ed25519 | Acceptable +Signatures| ECDSA with P-384| Acceptable +Signatures| ECDSA with P-256, P-521, or Ed25519| Acceptable