Public Comment is a vital part of our multistakeholder model. It provides a mechanism for stakeholders to have their opinions and recommendations formally and publicly documented. It is an opportunity for the ICANN community to effect change and improve policies and operations.
See the attachment.
The attachment is a set of Nits, Minor comments and one Major comment covering possible Technical, Operational and Editorial issues in the plan to roll the Root Zone's KSK signing algorithm. This is in lieu of completing the Public Comment Proceeding Form.
Summary: Needs work. Do not proceed as written. The plan is missing most information about the decision process for the critical choices. This will restrict most reviews to a somewhat superficial level. In the attachment, Minor 7 indicates a flaw with publication timing. Major 1 suggests an approach that does not require reducing the signature strength of the root zone for 3 years.
The plan was difficult to validate, especially with the lack of details on which keys and which signatures made up each phase's KSRs.
No alternatives to shrinking the RSA2048 ZSK to RSA1536 were discussed, and the reduction of security inherent in this change wasn't given much, if any, attention. My MAJOR suggestion is to transition the signing algorithm for the ZSK BEFORE transitioning the algorithm for the KSK. E.g., replace the RSA2048 ZSK with an ECDSA P256 ZSK before doing the KSK DNSSEC Root of Trust algorithm transition.
Regardless of whether or not you follow the above recommendation, the document's publication time for the revoked RSA2048 KSK (Phase FF) - only 70 days - and for its signature after revocation is too low. See the attachment for a minimum recommendation, but doubling or even tripling that time would be a better choice.
While the authors may have considered alternatives to a number of the documented choices, that deliberation process is missing from this document. Those omissions tend to make the review more about how the plan (as a document) was written rather than being able to review the reasoning for the choices and their validity.
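As an added example (not part of the commenter's submission or the ICANN plan), a small audit that parses presentation-format DNSKEY records, reports each key's role, algorithm and strength, and flags an RSA ZSK below 2048 bits. The keys below are constructed placeholders with the right wire layout, not real root zone key material.

```python
import base64
import struct

# DNSSEC algorithm numbers from the IANA registry for the algorithms discussed above.
ALGORITHMS = {8: "RSASHA256", 13: "ECDSAP256SHA256"}
ZSK_FLAGS, KSK_FLAGS = 256, 257

def rsa_modulus_bits(pubkey: bytes) -> int:
    """Modulus length in bits of an RFC 3110 RSA public key blob.
    Layout: exponent length (1 byte, or 0x00 followed by a 2-byte length),
    then the exponent, then the modulus."""
    exp_len, offset = pubkey[0], 1
    if exp_len == 0:
        exp_len, offset = struct.unpack("!H", pubkey[1:3])[0], 3
    modulus = pubkey[offset + exp_len:]
    return int.from_bytes(modulus, "big").bit_length()

def describe_dnskey(rdata: str) -> dict:
    """Parse DNSKEY rdata ('flags protocol algorithm base64key') into role/alg/bits."""
    flags, _protocol, alg, *b64 = rdata.split()
    key, alg = base64.b64decode("".join(b64)), int(alg)
    if alg == 8:
        bits = rsa_modulus_bits(key)
    elif alg == 13:
        bits = len(key) * 8 // 2          # uncompressed x||y, so half the blob is the curve size
    else:
        bits = None                       # algorithm not handled by this audit
    role = "KSK" if int(flags) == KSK_FLAGS else "ZSK"
    return {"role": role, "algorithm": alg, "name": ALGORITHMS.get(alg, "other"), "bits": bits}

def audit_zsks(records, min_rsa_bits=2048):
    """Return a finding for every RSA ZSK weaker than min_rsa_bits (e.g. an RSA1536 ZSK)."""
    findings = []
    for rec in records:
        d = describe_dnskey(rec)
        if d["role"] == "ZSK" and d["algorithm"] == 8 and d["bits"] < min_rsa_bits:
            findings.append(f"ZSK is RSA{d['bits']}, below RSA{min_rsa_bits}")
    return findings

# Constructed sample keys (placeholders, not real keys): an RSA ZSK of a chosen size,
# and an ECDSA P-256 ZSK as the comment suggests deploying instead.
def _rsa_dnskey(bits: int) -> str:
    modulus = ((1 << (bits - 1)) | 1).to_bytes(bits // 8, "big")   # placeholder modulus
    blob = b"\x03" + b"\x01\x00\x01" + modulus                        # e = 65537
    return f"{ZSK_FLAGS} 3 8 {base64.b64encode(blob).decode()}"

RSA1536_ZSK = _rsa_dnskey(1536)
ECDSA_ZSK = f"{ZSK_FLAGS} 3 13 " + base64.b64encode(b"\x42" * 64).decode()  # placeholder x||y

if __name__ == "__main__":
    for rec in (RSA1536_ZSK, ECDSA_ZSK):
        print(describe_dnskey(rec))
    print(audit_zsks([RSA1536_ZSK, ECDSA_ZSK]))
```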