Co-author of RFC 4641 a BCP (Best Current Practice) for DNSSEC operations. This was written together with Olaf Kolkman.

At the time I was employed at NLnet Labs

This RFC gives guidelines on how to setup secure zones in a world with DNSSEC. It also gives pointers for public and private key handling and deals with the key lengths and how to handle key rollovers.