While I concur with most of the proposed guidelines on the key rollover interval(s), I have particular misgivings on the duration of Phase D (KSK standby state). Why should this phase last for two years? Publishing a KSK but not deploying it for two years potentially invites an attacker to exploit possible vulnerabilities with either the properties of the key or the key generation algorithm. The ROCA vulnerability shows that even 2048-bit RSA is susceptible to exploitation.


If Phase D could be reduced to a reasonably shorter duration (1-1.5 years), this problem could be mitigated. However, if this duration is pretty short and will inconvenience the dissemination of the KSK to OS and DNS software vendors, then considerations should be proposed for using a longer KSK key length of 3072-bit RSA.


Best Regards,


Paul Muchene
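The message above argues about the RSA modulus size of the KSK. The following is an added example, not part of Paul Muchene's message or of the rollover proposal, showing how to read the modulus size and the KSK (SEP) flag straight out of a DNSKEY record in presentation format, using the RFC 3110 public-key encoding that RSA DNSSEC algorithms use. The DNSKEY records it checks are constructed in the script and are not the real root keys; the 3072-bit threshold is the value suggested in the message, not a standard requirement.

```python
import base64
import struct

# DNSSEC algorithm numbers whose public key field uses the RSA encoding of RFC 3110.
RSA_ALGORITHMS = {5: "RSASHA1", 7: "RSASHA1-NSEC3-SHA1", 8: "RSASHA256", 10: "RSASHA512"}
FLAG_ZONE_KEY = 0x0100  # DNSKEY flags bit 7
FLAG_SEP = 0x0001       # DNSKEY flags bit 15, Secure Entry Point; set on a KSK


def encode_rfc3110(exponent: bytes, modulus: bytes) -> bytes:
    """RFC 3110 section 2: exponent length (1 byte, or 0 followed by 2 bytes
    when the exponent is 256 bytes or longer), then exponent, then modulus."""
    if len(exponent) < 256:
        return bytes([len(exponent)]) + exponent + modulus
    return b"\x00" + struct.pack(">H", len(exponent)) + exponent + modulus


def decode_rfc3110(blob: bytes) -> tuple:
    """Inverse of encode_rfc3110; returns (exponent, modulus) as raw bytes."""
    if not blob:
        raise ValueError("empty public key field")
    exp_len, offset = blob[0], 1
    if exp_len == 0:
        if len(blob) < 3:
            raise ValueError("truncated exponent length")
        exp_len, offset = struct.unpack(">H", blob[1:3])[0], 3
    exponent = blob[offset:offset + exp_len]
    modulus = blob[offset + exp_len:]
    if len(exponent) != exp_len or not modulus:
        raise ValueError("truncated key material")
    return exponent, modulus


def modulus_bits(modulus: bytes) -> int:
    # Leading zero bytes do not count towards the key size.
    return int.from_bytes(modulus, "big").bit_length()


def build_dnskey(flags: int, algorithm: int, exponent: bytes, modulus: bytes) -> str:
    """Presentation-format DNSKEY RDATA: flags, protocol (always 3), algorithm, base64 key."""
    key = base64.b64encode(encode_rfc3110(exponent, modulus)).decode()
    return f"{flags} 3 {algorithm} {key}"


def assess_dnskey(rr: str, minimum_bits: int = 3072) -> dict:
    """Parse a DNSKEY RDATA string and report modulus size, KSK status and
    whether the key meets the given minimum size. Only RSA algorithms are handled."""
    fields = rr.split()
    flags, protocol, algorithm = int(fields[0]), int(fields[1]), int(fields[2])
    if protocol != 3:
        raise ValueError(f"DNSKEY protocol must be 3, got {protocol}")
    if algorithm not in RSA_ALGORITHMS:
        raise ValueError(f"algorithm {algorithm} is not an RSA algorithm")
    exponent, modulus = decode_rfc3110(base64.b64decode("".join(fields[3:])))
    bits = modulus_bits(modulus)
    return {
        "algorithm": RSA_ALGORITHMS[algorithm],
        "exponent": int.from_bytes(exponent, "big"),
        "bits": bits,
        "is_ksk": bool(flags & FLAG_ZONE_KEY) and bool(flags & FLAG_SEP),
        "meets_minimum": bits >= minimum_bits,
    }


# Constructed sample records (arbitrary modulus bytes, not real keys):
# flags 257 = ZONE+SEP (a KSK), 256 = ZONE only (a ZSK); algorithm 8 = RSASHA256.
E65537 = b"\x01\x00\x01"
SAMPLE_KSK_2048 = build_dnskey(257, 8, E65537, b"\xc0" + b"\x5a" * 255)
SAMPLE_KSK_3072 = build_dnskey(257, 8, E65537, b"\x80" + b"\x5a" * 383)
SAMPLE_ZSK_2048 = build_dnskey(256, 8, E65537, b"\xc0" + b"\x5a" * 255)

if __name__ == "__main__":
    for name, rr in (("KSK-2048", SAMPLE_KSK_2048), ("KSK-3072", SAMPLE_KSK_3072),
                     ("ZSK-2048", SAMPLE_ZSK_2048)):
        print(name, assess_dnskey(rr))
```

The check reports only the modulus size. A ROCA-style weakness comes from how the prime factors were generated, so a key can pass a length check and still be weak; the size check is a floor, not a proof of soundness.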