At The Swedish Internet Foundation we are very security concious. We were the first TLD in the world to sign their zone with DNSSEC. Being on the forefront of things is a nice feeling, but sometimes you get to feel the pain of it. Having signed so early means that at the time there was only one algorithm to use, RSA-SHA1. The security of SHA1 has been discussed in the community for some time now and even though there is no need for panic, there are more secure alternatives available today.