Hi Viktor Dukhovni <[email protected]> wrote:
> Also adoption of ECDSA P-256 (algorithm 13) continues to grow, > and the number of domains using P-256 KSKs has almost reached > parity with RSA-SHA256 (algorithm 8), which is just ahead for > now, but likely not for very much longer. My KSK and ZSK are both of algorithm 8 and 2048 bits in size. Is it correct to assume that -due to the growing adoption of algorithm 13- that this algorithm should be preferred? If so, I would like to migrate. But, I do have some questions to the community beforehand: #) Can one mix KSK and ZSK algorithms? (I do have a rollover of my ZSKs due in a couple of days. Thus starting with ZSKs would be convenient.) #) Would it be wise to increase from 2048 to 4096 bits size? Thanks in advance and with kind regards, Michael
