Comment 8 for bug 1974132

Yes. It came down to a question of balancing security and speed. 3072 bits was found to be sufficiently secure whilst not having too great an impact on performance

Ideally, as you point out, Ed25519 would be used. However, Ed25519 isn't currently considered FIPS compliant so we would need a way switch back to RSA or to ECDSA.

This, combined with concerns expressed here https://bugs.launchpad.net/juju/+bug/1951597 lead us to the conclusion that SSH keys could do with being reworked to

However, Juju is currently in feature-freeze until 3.1 is released. Perhaps this is something we will see in 3.2