Greetings, IANA has published a new Certificate Authority (CA) certificate used to validate the authenticity of the DNS root zone trust anchors file (`root-anchors.xml`).
The updated certificate bundle is available at: https://data.iana.org/root-anchors/icannbundle.pem This bundle currently contains both the existing certificate and its replacement certificate. Signatures chaining to the new certificate are expected to be published in 2028, at which point relying parties will need to validate using the new certificate. Affected file(s): * [usr.sbin/unbound/smallapp/unbound-anchor.c](https://github.com/openbsd/src/blob/293caf0d3fbcaa7970dcbd7d26dff73771762c60/usr.sbin/unbound/smallapp/unbound-anchor.c) Please review whether the trust anchor validation material in this repository should be updated to include the current contents of `icannbundle.pem`. Considerations for updating the trust anchor are described in*DNSSEC Trust Anchor Publication for the Root Zone* (RFC 9718). Thank you. -- Andres Pavez Cryptographic Key Manager
