-------- Original Message --------
Subject: [itar-announce] RSA/SHA-256 records in ITAR; Improvements to
Date: Mon, 29 Mar 2010 12:00:54 -0700
From: Kim Davies <kim.davies(a)icann.org>
To: itar-announce(a)icann.org <itar-announce(a)icann.org>
Last week, a top-level domain (.ARPA) was published in the Interim Trust
Anchor Repository with the RSA/SHA-256 key algorithm. This is the first
time this algorithm, published last October as RFC 5702, has been used
by a TLD. Users of the ITAR should bear this in mind, particularly with
respect to support of this algorithm in your validators.
We've also recently made some updated to the "anchors2keys" script, based
on requests from users:
* Ability to add a header to the output with the "--header"
command line argument.
* Imports the SHA256 function from PyCrypto if you have it installed.
SHA256 functions were built-in to Python from version 2.5 onward,
so this helps support older installations.
The revised version of the script is available at
Finally, if you aren't aware, efforts to sign the DNS root zone proper
are well underway. We have stated that ITAR is a limited-term project, due
to be decommissioned once the root zone is signed. The current proposed
timeline would see the root zone signing completed in July 2010. Our current
intention is to consult with the community after that date on the future
More information on the root zone singing project is at:
With kindest regards,
Manager, Root Zone Services
itar-announce mailing list