We would like to announce that the Proposal for Root Zone KSK Algorithm Rollover has been released for public comment and is available for review on the ICANN website:
https://www.icann.org/en/public-comment/proceeding/proposed-root-ksk-algorithm-rollover-03-02-2026 The proposal describes a multi-year plan to generate a new ECDSA Root KSK in 2027 and retire the RSA Root KSK by 2030. It includes: * Transitioning the DNS root KSK from RSA/SHA-256 to ECDSA P-256/SHA-256 * Following a traditional double-signing approach, with both algorithms running in parallel during the transition * Adjusting the RSA ZSK size from 2048 to 1536 bits prior to the transition, to reduce the possible need to truncation and retransmission over TCP. Community feedback on the methodology, timeline, operational readiness, and any additional risks is encouraged. The public comment period is open through 6 April 2026. Thanks, -- Andres Pavez Cryptographic Key Manager
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations
