> On Apr 25, 2022, at 11:20 AM, Petr Menšík <[email protected]> wrote: > I think the only good way would be starting considering shorter keys as > insecure in FIPS mode.
Agreed. We’ve been using 2408-bit ZSKs for more than ten years now. It’s
definitely time to sunset acceptance of shorter keys at this point.
-Bill
signature.asc
Description: Message signed with OpenPGP
_______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
