caching of expired RRSIG's ?

[Jaap Akkerhuis]

    I agree for the consequence of those "cache misses".
    But doesnot that mean that RFC4035 needs amended to state :
     "remove atomic entry if *all* its RRSIGs get invalid"
    (because now it states : any = "at least one")
    
    And it implicitly confirms that these statements in the RFC
    do apply to expired RRSIG's in the cache.
    
You might want to address these questionsto dnsop/dnsex since this
is more a queastion about the RFC then something bind specific.

	jaap