Dec. 16, 2019
3:34 a.m.
then considerations should be proposed for using a longer KSK key length of 3072-bit RSA.
Larger size of key of RSA is not a right direction. If people think the 2048-bit RSA is strong enough, larger size of key will only result large size of DNSKEY and the response. If you think we should strengthen it, why not switch to ECC give a reasonable timeline in future. Davey