From 2b0594d99ca6ce3827ed1ad8c780cb0f23df5173 Mon Sep 17 00:00:00 2001
From: Peter Palfrader <peter@palfrader.org>
Date: Sun, 14 Feb 2010 20:59:54 +0100
Subject: [PATCH] Tweaks

---
 input/dsablog/2010/02/Securing_the_Debian_zones.mdwn | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/input/dsablog/2010/02/Securing_the_Debian_zones.mdwn b/input/dsablog/2010/02/Securing_the_Debian_zones.mdwn
index 9cd3524..2e93771 100644
--- a/input/dsablog/2010/02/Securing_the_Debian_zones.mdwn
+++ b/input/dsablog/2010/02/Securing_the_Debian_zones.mdwn
@@ -50,14 +50,14 @@ on the
 [debian-infrastructure-announce](http://lists.debian.org/debian-infrastructure-announce/)
 list until such time that our zones are reachable from a
 [signed root](http://www.root-dnssec.org/).  KSK rollovers for our own
-child zones (www.d.o et al), once signed, will not be announced because
+child zones (www.d.o et al.), once signed, will not be announced because
 we can just put proper
 [DS records](http://en.wikipedia.org/wiki/List_of_DNS_record_types#DS)
 in the respective parent zone.
 
 Until we announce the first set of trust anchors on the mailinglist the
 keysets present in DNS should not be considered productional.  They can
-be changed at any time.
+be changed at any time, without observing standard rollover practices.
 
 See also:
 
-- 
2.20.1