<div dir="ltr"><div dir="ltr"><div class="gmail_default" style="font-family:monospace,monospace">I insist that The Trust Anchor is an excellent name for a restaurant.</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, Nov 5, 2024 at 6:04 PM Carlos M. Martinez | LACNIC <<a href="mailto:carlos@lacnic.net">carlos@lacnic.net</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="auto">Thanks, Andres!</div><div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, 5 Nov 2024 at 7:12 PM Andres Pavez <<a href="mailto:andres.pavez@iana.org" target="_blank">andres.pavez@iana.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Dear Colleagues,
<br>
<br>We are reaching out to inform you of important changes to the DNSSEC trust anchor in the root zone. If you manage a validating DNS resolver or a tool that interacts with the DNS root zone you might need to change your software to handle the changes. This letter provides a summary of the upcoming changes and gives pointers to resources that describe them in detail.
<br>
<br>*Upcoming addition of the KSK-2024 trust anchor*
<br>
<br>On January 11, 2025, a new trust anchor, codenamed KSK-2024, will appear in the root zone for the global DNS. This key was generated earlier this year and will co-exist with the current trust anchor, codenamed KSK-2017. The new DNSKEY record is:
<br>
<br>. 172800 IN DNSKEY 257 3 8 AwEAAa96jeuknZlaeSrvyAJj6ZHv28hhOKkx3rLGXVaC6rXTsDc449/c idltpkyGwCJNnOAlFNKF2jBosZBU5eeHspaQWOmOElZsjICMQMC3aeHb GiShvZsx4wMYSjH8e7Vrhbu6irwCzVBApESjbUdpWWmEnhathWu1jo+s iFUiRAAxm9qyJNg/wOZqqzL/dL/q8PkcRU5oUKEpUge71M3ej2/7CPqp dVwuMoTvoB+ZOT4YeGyxMvHmbrxlFzGOHOijtzN+u1TQNatX2XBuzZNQ 1K+s2CXkPIZo7s6JgZyvaBevYtxPvYLw4z9mR7K2vaF18UYH9Z9GNUUe
<br>ayffKC73PYc=
<br>
<br>As a result of this addition, some DNS responses may be larger during the transition period. If your software uses the RFC 5011 process for managing trust anchors, KSK-2024 will be automatically trusted about one month after its introduction to the root zone. There are two important planned dates:
<br>
<br>* October 11, 2026: KSK-2024 will begin signing the root zone.
<br>* January 11, 2027: KSK-2017 is scheduled to be revoked.
<br>
<br>For a detailed description of the rollover process, please refer to <a href="https://www.iana.org/dnssec/files" target="_blank">https://www.iana.org/dnssec/files</a>
<br>
<br>*New trust anchor file*
<br>
<br>IANA has issued a new trust anchor file using the updated XML format described in <a href="https://datatracker.ietf.org/doc/draft-ietf-dnsop-rfc7958bis/" target="_blank">https://datatracker.ietf.org/doc/draft-ietf-dnsop-rfc7958bis/</a>, which has recently been approved to be published as an RFC. The new trust anchor file contains additional data that was not provided in previous versions of the file.
<br>
<br>If your software or processes use the IANA trust anchor file (published at <a href="https://data.iana.org/root-anchors/root-anchors.xml" target="_blank">https://data.iana.org/root-anchors/root-anchors.xml</a>), you should ensure you have processes to retrieve it regularly (such as weekly) and check your systems can process the revised format of the file.
<br>
<br>*Keep in touch*
<br>
<br>Operational announcements regarding trust anchors and rollovers are published on the root-dnssec-announce mailing list at <a href="https://lists.icann.org/postorius/lists/root-dnssec-announce.icann.org/" target="_blank">https://lists.icann.org/postorius/lists/root-dnssec-announce.icann.org/</a>. A separate ksk-rollover mailing list, a forum for discussion specific to rollovers, can be found at <a href="https://lists.icann.org/postorius/lists/ksk-rollover.icann.org/" target="_blank">https://lists.icann.org/postorius/lists/ksk-rollover.icann.org/</a>.
<br>
<br>Best regards,
<br>--
<br>Andres Pavez
<br>Cryptographic Key Manager
<br>
<br>_______________________________________________
<br>LACNOG mailing list
<br><a href="mailto:LACNOG@lacnic.net" target="_blank">LACNOG@lacnic.net</a>
<br><a href="https://mail.lacnic.net/mailman/listinfo/lacnog" target="_blank">https://mail.lacnic.net/mailman/listinfo/lacnog</a>
<br>Unsubscribe: <a href="https://mail.lacnic.net/mailman/options/lacnog" target="_blank">https://mail.lacnic.net/mailman/options/lacnog</a>
<br></blockquote></div></div>
</blockquote></div></div>
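<p>Added example, not part of the thread and not IANA code: one way to derive the key tag and SHA-256 DS digest of the DNSKEY record quoted in the announcement, so they can be compared with the KeyTag and Digest values in root-anchors.xml before the key is configured as a trust anchor. The function names are illustrative; the key tag follows RFC 4034 Appendix B and the digest follows RFC 4509.</p>

```python
import base64
import hashlib
import struct

# DNSKEY fields copied from the announcement above (KSK-2024).
FLAGS, PROTOCOL, ALGORITHM = 257, 3, 8
PUBLIC_KEY_B64 = (
    "AwEAAa96jeuknZlaeSrvyAJj6ZHv28hhOKkx3rLGXVaC6rXTsDc449/c"
    "idltpkyGwCJNnOAlFNKF2jBosZBU5eeHspaQWOmOElZsjICMQMC3aeHb"
    "GiShvZsx4wMYSjH8e7Vrhbu6irwCzVBApESjbUdpWWmEnhathWu1jo+s"
    "iFUiRAAxm9qyJNg/wOZqqzL/dL/q8PkcRU5oUKEpUge71M3ej2/7CPqp"
    "dVwuMoTvoB+ZOT4YeGyxMvHmbrxlFzGOHOijtzN+u1TQNatX2XBuzZNQ"
    "1K+s2CXkPIZo7s6JgZyvaBevYtxPvYLw4z9mR7K2vaF18UYH9Z9GNUUe"
    "ayffKC73PYc="
)
ROOT = b"\x00"  # wire form of the owner name "."

def dnskey_rdata(flags, protocol, algorithm, key_b64):
    """Wire-format DNSKEY RDATA: flags(2) | protocol(1) | algorithm(1) | key."""
    key = base64.b64decode(key_b64, validate=True)
    return struct.pack("!HBB", flags, protocol, algorithm) + key

def key_tag(rdata):
    """Key tag as defined in RFC 4034 Appendix B (algorithms other than 1)."""
    acc = sum(b << 8 if i % 2 == 0 else b for i, b in enumerate(rdata))
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def ds_sha256(owner_wire, rdata):
    """DS digest type 2: SHA-256 over owner name | DNSKEY RDATA."""
    return hashlib.sha256(owner_wire + rdata).hexdigest().upper()

def describe_ksk():
    """Values an operator would compare against the trust anchor file."""
    rdata = dnskey_rdata(FLAGS, PROTOCOL, ALGORITHM, PUBLIC_KEY_B64)
    return {
        "key_tag": key_tag(rdata),
        "sep": bool(FLAGS & 0x0001),      # Secure Entry Point bit (KSK)
        "revoked": bool(FLAGS & 0x0080),  # RFC 5011 REVOKE bit
        "digest": ds_sha256(ROOT, rdata),
    }

if __name__ == "__main__":
    for name, value in describe_ksk().items():
        print(name, value)
```

<p>A mismatch between the computed digest and the Digest element for the same KeyTag means the record was altered or mis-copied and should not be installed.</p>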