> On Apr 25, 2022, at 11:20 AM, Petr Menšík <pemen...@redhat.com> wrote: > I think the only good way would be starting considering shorter keys as > insecure in FIPS mode.
Agreed. We’ve been using 2408-bit ZSKs for more than ten years now. It’s
definitely time to sunset acceptance of shorter keys at this point.
-Bill
signature.asc
Description: Message signed with OpenPGP
_______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
