Version 2016.3.9 is a bugfix release for 2016.3.0.
New master configuration option allow_minion_key_revoke, defaults to True. This option controls whether a minion can request that the master revoke its key. When True, a minion can request a key revocation and the master will comply. If it is False, the key will not be revoked by the msater.
New master configuration option require_minion_sign_messages This requires that minions cryptographically sign the messages they publish to the master. If minions are not signing, then log this information at loglevel 'INFO' and drop the message without acting on it.
New master configuration option drop_messages_signature_fail Drop messages from minions when their signatures do not validate. Note that when this option is False but require_minion_sign_messages is True minions MUST sign their messages but the validity of their signatures is ignored.
New minion configuration option minion_sign_messages Causes the minion to cryptographically sign the payload of messages it places on the event bus for the master. The payloads are signed with the minion's private key so the master can verify the signature with its public key.