docs: add signature algorithms reference #47976

Merged 2 commits on Oct 30, 2024
nklaassen (Contributor)

This PR adds documentation for the Modern Signature Algorithms feature being released in v17.0.0.
The issue is tracked here and the RFD is here.

This pull request is automatically being deployed by Amplify Hosting (learn more).

Access this pull request here: https://pr-47976.d3pp5qlev8mo18.amplifyapp.com

nklaassen added the no-changelog label (indicates that a PR does not require a changelog entry) on Oct 26, 2024

🤖 Vercel preview here: https://docs-1ltuyri20-goteleport.vercel.app/docs/ver/preview

docs/pages/reference/signature-algorithms.mdx (outdated)
Comment on lines 13 to 17
Historically, every Teleport-issued certificate was signed by a 2048-bit RSA key.
RSA is one of the oldest and most well-known asymmetric cryptography algorithms.
While it is still considered secure (as long as your keys are large enough),
modern alternatives based on Elliptic-Curve Cryptography offer much better
performance with smaller keys and better security.
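
Review bot: In the last sentence of this paragraph, "better security" is stated without a reference point, and the parenthetical "as long as your keys are large enough" leaves open whether the 2048-bit key named in the first sentence qualifies. Consider stating explicitly what the elliptic-curve keys are being compared against (for example, the 2048-bit RSA key mentioned above), so readers can tell whether their existing keys are affected.
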
Contributor

Since the algorithms are configurable, I would use this paragraph to describe when a user would want to configure the algorithm used, i.e., when they would want to continue reading in order to choose an algorithm to configure (answering the question, "Does this guide apply to my use case?").

Contributor Author

edited the full intro to:

The Teleport Auth Service issues SSH and TLS certificates to users and hosts that allow all connections to be authenticated, authorized, and encrypted. This page describes the cryptographic signature algorithms used to sign each kind of certificate issued by Teleport.

Continue reading to learn how to:

  • configure a Teleport cluster created before Teleport 17 to use fast and secure elliptic-curve keys
  • configure your cluster to use FIPS-compatible signature algorithms
  • configure your cluster to use signature algorithms compatible with your HSM or KMS.

🤖 Vercel preview here: https://docs-clneyjykg-goteleport.vercel.app/docs/ver/preview

nklaassen added this pull request to the merge queue on Oct 30, 2024
Merged via the queue into master with commit 17993cf on Oct 30, 2024
40 of 41 checks passed
nklaassen deleted the nklaassen/msa-docs branch on October 30, 2024 01:37
nklaassen added a commit that referenced this pull request Oct 30, 2024
github-merge-queue bot pushed a commit that referenced this pull request Oct 30, 2024
ptgott pushed a commit that referenced this pull request Nov 15, 2024
Backports #47976

* docs: add signature algorithms reference

* edits