%% You should probably cite rfc4107 instead of this I-D.
@techreport{bellovin-mandate-keymgmt-03,
    number =    {draft-bellovin-mandate-keymgmt-03},
    type =      {Internet-Draft},
    institution =   {Internet Engineering Task Force},
    publisher = {Internet Engineering Task Force},
    note =      {Work in Progress},
    url =       {https://datatracker.ietf.org/doc/draft-bellovin-mandate-keymgmt/03/},
    author =    {Steven Bellovin and Russ Housley},
    title =     {{Guidelines for Cryptographic Key Management}},
    pagetotal = 7,
    year =      2005,
    month =     jan,
    day =       11,
    abstract =  {The question often arises of whether a given security system requires some form of automated key management, or whether manual keying is sufficient. This memo provides guidelines for making such decisions. When symmetric cryptographic mechanisms are used in a protocol, the presumption is that automated key management is generally but not always needed. If manual keying is proposed, the burden of proving that automated key management is not required falls to the proposer. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements.},
}