Dear Colleagues,

IANA has published a new Certificate Authority (CA) certificate that is used 
for validating the authenticity of the DNS root zone trust anchors file.

This impacts those who verify the integrity of the DNS root zone trust anchors 
file (root-anchors.xml) using the detached signatures. Signatures chaining to 
the new certificate are expected to be published in 2028 at which time relying 
parties must validate using the new certificate.

Both the current and new certificates are available at: 
https://data.iana.org/root-anchors/icannbundle.pem

Considerations for updating the trust anchor are described in DNSSEC Trust 
Anchor Publication for the Root Zone (RFC 9718).

Thank you,
-- 
Andres Pavez 
Cryptographic Key Manager 



Attachment: smime.p7s
Description: S/MIME cryptographic signature

_______________________________________________
dns-operations mailing list
[email protected]
https://lists.dns-oarc.net/mailman/listinfo/dns-operations

Reply via email to