[dns-operations] Updated Certificates for DNSSEC Trust Anchor Validation
Andres Pavez
andres.pavez at iana.org
Fri May 29 17:08:59 UTC 2026
Dear Colleagues,
IANA has published a new Certificate Authority (CA) certificate that is used for validating the authenticity of the DNS root zone trust anchors file.
This impacts those who verify the integrity of the DNS root zone trust anchors file (root-anchors.xml) using the detached signatures. Signatures chaining to the new certificate are expected to be published in 2028 at which time relying parties must validate using the new certificate.
Both the current and new certificates are available at: https://data.iana.org/root-anchors/icannbundle.pem
Considerations for updating the trust anchor are described in DNSSEC Trust Anchor Publication for the Root Zone (RFC 9718).
Thank you,
--
Andres Pavez
Cryptographic Key Manager
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5727 bytes
Desc: not available
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20260529/fa936fe4/attachment.bin>
More information about the dns-operations
mailing list