0.3.0
- only do keep-missing when there are other valid ksk's known
- subordinate trust point deletion
- daemonize
- queryInterval and retryTime
- Add holddown: "If all of the keys that were originally used to validate this 
	key are revoked prior to the timer expiring, the resolver stops the
	acceptance process and resets the timer".

todo:
- sscanf in options.c
- option to transition a trust anchor to revoked, regardless of its current 
	state.
- default keep-missing

other ideas:
- DLV support
- fetching trust anchors

test ideas:
- add a test for keep-missing
- test signal resolver
- add a test for multiple file storage
- add a cutest.tpkg
- some minor tests from TESTPLAN
- talk to unsigned zone
- what to do with unknown algorithm
- transition forcing
- test count local trust keys
- malformed DNSKEY/DS records
- nxdomain
- bad input
- corner cases
- zsk rollover
- talk to unsigned zone
- test on solaris

questions / findings:
ietf73:
- RFC 5011 updates RFC 4034.
- should a revoked-oblivious resolver treat a DNSKEY with its REVOKED bit on 
	different than a DNSKEY with the REVOKED bit off?
- draft-dnsop-4641bis: key rollover sections should include key revocation.
- what's the threshold proposal?

ietf72:
- if you revoke a key, the calculated key tag will become different
- if you lose your private key, you are not able to revoke the key anymore
	* lost key
	* compromised key
	* both
  countermeausure: have a good store policy for your private keys, 
	this is not in scope of the document.
- what to do if you see a revoked key that has not state valid or missing
	* set to REVOKED or ignore it, implementors choice.
- compare rdata is different (because of the REVBIT)
	* to define: what attributes must be the same to define equality between 
		DNSKEYs.
- revoked key does not have to be in a validated set (eg selfsigned)


