AWS Private CA now supports post-quantum ML-DSA X.509 certificates. That means quantum-resistant roots of trust - for code signing, mTLS, and device auth. It's wired up with AWS KMS, so you can handle signing workflows using ML-DSA keys and verify them with standard tools like OpenSSL using CMS detached signatures.
Big picture: AWS is baking post-quantum crypto straight into its PKI and signing stack. It's not just future-proofing - they're pulling the future forward.










