#### 6.1.5.1 Root and Subordinate CA key sizes For Keys corresponding to Root and Subordinate CAs: * If the Key is RSA, then the modulus MUST be at least 4096 bits in length. [^legacy_key_length] * If the Key is ECDSA, then the curve MUST be one of NIST P-256, P-384, or P-521. * If the Key is DSA, then one of the following key parameter options MUST be used: * Key length (`L`) of 2048 bits and modulus length (`N`) of 224 bits * Key length (`L`) of 2048 bits and modulus length (`N`) of 256 bits [^legacy_key_length]: CAs MAY sign Cross-Certificates with Root CA RSA Private Keys whose modulus length is less than 4096 bits, provided that the Cross-Certificate is issued to a Root CA whose Public Key adheres to the key size requirements of this section.