TODO list as of zkt-0.99

general:
	Renaming to zkt-? and split of the functions of dnssec-zkt to
	separate commands
	Fixed in zkt-1.0 (zkt-conf command)

dnssec-zkt:
 feat	option to specify the key age as remaining lifetime
	(Option -i inverse age ?).

dnssec-signer:
 bug	Distribute_Cmd wouldn't work properly on dynamic zones
 	(missing freeze, thaw; copy Keyfiles instead of signed zone file)

 bug	Automatic KSK rollover of dynamic zones will only work if the parent
 	uses the standard name for the signed zonefile (zonefile.db.signed).

 bug	Phase3 of manual ksk rollover do not trigger a resigning of the zone
 	(Key removal is not recognized by dosigning () function )

 bug	There is no online checking of the key material by design.
 	The signer command checks the status of the key as they
	are represented in the file system and not in the zone.
	The dnssec maintainer is responsible for the lifeliness of the
	data in the hosted domain.
	In other words: It's highly recommended to use the
	option -r when you use zkt-signer on a production zone.
	Then the time of propagation is (more or less) equal to the timestamp
	of the zone.db.signed file.

 bug	The max_TTL parameter should be set to the value found
 	in the zone. A mechanism for setting up a dnssec.conf file
	for the zone specific TTL values is needed.
	Fixed in zkt-1.0 (zkt-conf command)

zkt-conf:
 port	Option -C (compability) to create older config files
 misc	Change syntax of config parameters to a more uniq form (e.g. no "_" char)

zkt-rollover:
 feat	New command to roll keys independent of zone signing
	(Usefull for dynamic zones managed by BIND9.7)

dki:
 feat	Use dynamic memory for dname in dki_t