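%% You should probably cite draft-ietf-dnsop-rfc5011-security-considerations-13 instead of this revision.
%% This entry describes revision -02 of an Internet-Draft (Work in Progress). The timing advice for
%% RFC5011 key rollover and revocation may differ in later revisions, so check the newest revision
%% before relying on the waiting periods described here.
%% The source record left year, month and day empty. An empty field value is a BibTeX syntax error,
%% so those three fields are omitted; take the publication date from the datatracker page in the url field.
@techreport{ietf-dnsop-rfc5011-security-considerations-02,
  author      = {Hardaker, Wes and Kumari, Warren "Ace"},
  title       = {Security Considerations for {RFC5011} Publishers},
  type        = {Internet-Draft},
  number      = {draft-ietf-dnsop-rfc5011-security-considerations-02},
  institution = {Internet Engineering Task Force},
  publisher   = {Internet Engineering Task Force},
  note        = {Work in Progress},
  url         = {https://datatracker.ietf.org/doc/draft-ietf-dnsop-rfc5011-security-considerations/02/},
  pagetotal   = {13},
  abstract    = {This document extends the RFC5011 rollover strategy with timing advice that must be followed in order to maintain security. Specifically, this document describes the math behind the minimum time-length that a DNS zone publisher must wait before signing with only recently added DNSKEYs. This document also describes the minimum time-length that a DNS zone publisher must wait after publishing a revoked DNSKEY before assuming that all active RFC5011 resolvers should have seen the revocation-marked key and removed it from their list of trust anchors.},
}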