<code>www</code>)
will follow at a later date.
-We are using bind 9.6 for [NSEC3](http://www.nsec3.org/) support and
+We are using bind 9.6 for [NSEC3](http://tools.ietf.org/html/rfc5155) support and
[our](http://git.debian.org/?p=mirror/Net-DNS-SEC-Maint-Key.git)
[fork](http://git.debian.org/?p=mirror/Net-DNS-SEC-Maint-Zone.git)
of RIPE's
1152 bits for the ZSK. Signature validity period will most likely be
four weeks, with a one week signature publication period
(cf. [RFC4641: DNSSEC Operational
-Practices](http://www.ietf.org/rfc/rfc4641.txt)).
+Practices](http://tools.ietf.org/html/rfc4641)).
Zone keys rollovers will happen regularly and will not be announced in
any specific way. Key signing key rollovers will probably be announced
[debian-infrastructure-announce](http://lists.debian.org/debian-infrastructure-announce/)
list until such time that our zones are reachable from a
[signed root](http://www.root-dnssec.org/). KSK rollovers for our own
-child zones (www.d.o et al), once signed, will not be announced because
+child zones (www.d.o et al.), once signed, will not be announced because
we can just put proper
[DS records](http://en.wikipedia.org/wiki/List_of_DNS_record_types#DS)
in the respective parent zone.
Until we announce the first set of trust anchors on the mailinglist the
-keysets present in DNS should not be considered productional. They can
-be changed at any time.
+keysets present in DNS should be considered experimental. They can
+be changed at any time, without observing standard rollover practices.
+
+Please direct questions or comments to either the debian-admin or, if
+you want a more public forum, the debian-project list at
+lists.debian.org.
See also:
* [DNSSEC wikipedia page](http://en.wikipedia.org/wiki/Domain_Name_System_Security_Extensions),
* [DNSSEC HOWTO, a tutorial in disguise (Olaf Kolkman, nlnetlabs)](http://www.nlnetlabs.nl/publications/dnssec_howto/index.html).
-
-Please direct questions or comments to either the debian-admin or, if
-you want a more public forum, the debian-project list at
-lists.debian.org.