%% You should probably cite rfc5011 instead of this I-D. @techreport{ietf-dnsext-trustupdate-timers-06, number = {draft-ietf-dnsext-trustupdate-timers-06}, type = {Internet-Draft}, institution = {Internet Engineering Task Force}, publisher = {Internet Engineering Task Force}, note = {Work in Progress}, url = {https://datatracker.ietf.org/doc/draft-ietf-dnsext-trustupdate-timers/06/}, author = {Michael StJohns}, title = {{Automated Updates of DNS Security (DNSSEC) Trust Anchors}}, pagetotal = 14, year = 2007, month = apr, day = 4, abstract = {This document describes a means for automated, authenticated, and authorized updating of DNSSEC "trust anchors". The method provides protection against N-1 key compromises of N keys in the trust point key set. Based on the trust established by the presence of a current anchor, other anchors may be added at the same place in the hierarchy, and, ultimately, supplant the existing anchor(s). This mechanism will require changes to resolver management behavior (but not resolver resolution behavior), and the addition of a single flag bit to the DNSKEY record. {[}STANDARDS-TRACK{]}}, }