-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Dear colleagues,
Some of you have already noticed that the Interim Trust Anchor Repository
listed its first trust anchor for an NSEC3 signed zone. The anchor, for
.GOV, was added on Thursday.
Those who do not have NSEC3 support in their validating resolvers may have
trouble importing this trust anchor. To help you in this scenario, we have
added some additional functionality to the "anchors2keys" tools available
from the ITAR website.
You can now invoke this script with a "--skip-nsec3" command line option
and it will not generate the DNSKEY records for the zones signed with
NSEC3. Note well, this means you can not validate these zones that are
skipped as there will be no trust anchor listed.
The revised version of the script is available at
https://itar.iana.org/_misc/anchors2keys
With kindest regards,
Kim Davies
Internet Assigned Numbers Authority
-----BEGIN PGP SIGNATURE-----
Version: 9.9.1.287
wj8DBQFJupfM3AePosm0KEgRAifoAJ0bN+fc3rNPWV+WtYZOIAdy8JcnRACg1N2j
vdHLasOpDzF5iaM3jiFULqg=
=Txq8
-----END PGP SIGNATURE-----
