diff --git a/codegen/src/main/resources/software/amazon/awssdk/codegen/rules/AuthSchemeUtils.java.resource b/codegen/src/main/resources/software/amazon/awssdk/codegen/rules/AuthSchemeUtils.java.resource
index e90be4fdde7c..ce95d9cb9699 100644
--- a/codegen/src/main/resources/software/amazon/awssdk/codegen/rules/AuthSchemeUtils.java.resource
+++ b/codegen/src/main/resources/software/amazon/awssdk/codegen/rules/AuthSchemeUtils.java.resource
@@ -3,7 +3,7 @@ import java.util.Collections;
 import java.util.HashSet;
 import java.util.List;
 import java.util.Set;
-import software.amazon.awssdk.annotations.SdkProtectedApi;
+import software.amazon.awssdk.annotations.SdkInternalApi;
 import software.amazon.awssdk.awscore.endpoints.authscheme.EndpointAuthScheme;
 import software.amazon.awssdk.awscore.endpoints.authscheme.SigV4AuthScheme;
 import software.amazon.awssdk.awscore.endpoints.authscheme.SigV4aAuthScheme;
@@ -15,9 +15,7 @@ import software.amazon.awssdk.http.auth.spi.scheme.AuthSchemeOption;
 import software.amazon.awssdk.identity.spi.Identity;
 import software.amazon.awssdk.utils.Logger;
 
-// TODO(sra-identity-auth): seems like this can be SdkInternalApi, similar to other .resource files in this folder,
-//  since they are generated in each service module
-@SdkProtectedApi
+@SdkInternalApi
 public final class AuthSchemeUtils {
     private static final Logger LOG = Logger.loggerFor(AuthSchemeUtils.class);
 
diff --git a/core/http-auth-aws/src/main/java/software/amazon/awssdk/http/auth/aws/internal/signer/util/SignerUtils.java b/core/http-auth-aws/src/main/java/software/amazon/awssdk/http/auth/aws/internal/signer/util/SignerUtils.java
index e39ded678442..f1fc97b970a4 100644
--- a/core/http-auth-aws/src/main/java/software/amazon/awssdk/http/auth/aws/internal/signer/util/SignerUtils.java
+++ b/core/http-auth-aws/src/main/java/software/amazon/awssdk/http/auth/aws/internal/signer/util/SignerUtils.java
@@ -225,8 +225,6 @@ public static InputStream getBinaryRequestPayloadStream(ContentStreamProvider st
 
     public static byte[] hash(InputStream input) {
         try {
-            // TODO(sra-identity-and-auth): Performance testing to verify if we should cache message digest instances
-            //  (thread-local)
             MessageDigest md = getMessageDigestInstance();
             byte[] buf = new byte[4096];
             int read = 0;