-------- Original Message -------- Subject: [itar-announce] RSA/SHA-256 records in ITAR; Improvements to anchors2keys Date: Mon, 29 Mar 2010 12:00:54 -0700 From: Kim Davies <kim.davies(a)icann.org> To: itar-announce(a)icann.org <itar-announce(a)icann.org> Dear colleagues, Last week, a top-level domain (.ARPA) was published in the Interim Trust Anchor Repository with the RSA/SHA-256 key algorithm. This is the first time this algorithm, published last October as RFC 5702, has been used by a TLD. Users of the ITAR should bear this in mind, particularly with respect to support of this algorithm in your validators. We've also recently made some updated to the "anchors2keys" script, based on requests from users: * Ability to add a header to the output with the "--header" command line argument. * Imports the SHA256 function from PyCrypto if you have it installed. SHA256 functions were built-in to Python from version 2.5 onward, so this helps support older installations. The revised version of the script is available at https://itar.iana.org/_misc/anchors2keys Finally, if you aren't aware, efforts to sign the DNS root zone proper are well underway. We have stated that ITAR is a limited-term project, due to be decommissioned once the root zone is signed. The current proposed timeline would see the root zone signing completed in July 2010. Our current intention is to consult with the community after that date on the future of ITAR. More information on the root zone singing project is at: http://www.root-dnssec.org/ With kindest regards, Kim Davies Manager, Root Zone Services ICANN _______________________________________________ itar-announce mailing list itar-announce(a)icann.org https://mm.icann.org/mailman/listinfo/itar-announce