[dns-operations] Signing of the ARPA zone

Joe Abley joe.abley at icann.org
Tue Mar 23 15:04:46 UTC 2010


Hi Chris,

On 2010-03-23, at 05:13, Chris Thompson wrote:

> On Mar 17 2010, Joe Abley wrote:
> 
>> If no harmful effects have been identified by 2010-03-21 the trust
>> anchor for the ARPA zone will be published through the IANA ITAR at
>> <https://itar.iana.org/>.
> 
> Were any harmful effects discovered? ('cos it's not in the IANA ITAR yet)

We have neither observed nor been informed of any harmful effects.

The workflow by which a trust anchor is added to the ITAR includes a form where the KSK algorithm has to be entered from a drop-down list. We realised on Sunday that there is currently no way to specify the key algorithm RSASHA256 on that form.

The code changes to the ITAR to allow such a key algorithm to be specified are evidently minor, and we expect implementation, testing and promotion to production to happen in the next day or two. ARPA's trust anchor will be added once that work is done.

Apologies for the delay.

Thanks,


Joe

