> On Feb 15, 2018, at 12:23, Michael A. Peters <mpeters at domblogger.net> wrote: > ZSK is easy but ZSK should be 1024-bit to keep DNS responses small, There is no proof this is needed or required. And strong reasons to not use 1024 RSA anymore. The root ZSK is now 2048 with no issues reported. Paul