The only thing I would change is making the deletion happen sig-validity-interval after the inactivation of the key. The idea is to have a gradual replacement of signatures as they normally fall due for re-signing. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka at isc.org