What is the current safest key signing method(s) for clients to use for nsec's?

In dummy language for me?