Hi Jan-Piet,
this is exactly how it is designed to operate.
Feel encouraged to continue this way :)
You can also trigger KSK roll-overs with knotc zone-key-rollover
command. In that case, it would proceed with automatic KSK roll-over,
including DS submission etc.
Libor
On 12. 05. 22 at 15:42 Jan-Piet Mens wrote:
Hello,
I'd like to be able to do automatic ZSK and manual KSK rollovers. Basically the
KSK should have an endless validity but I might want to roll it with
(manually-triggered) RFC 5011 semantics.
Is it permissible to have a policy such as shown below and then explicitly
use `keymgr' commands to generate new keys and set `revoke', `retire' and
`remove' timers on the older key?
Testing indicates that it works as desired, I'm just unsure whether key
manipulation is permitted.
policy:
  - id: autoHSM
    keystore: pemstore
    single-type-signing: off
    manual: off
    ksk-shared: off
    ksk-lifetime: 0
    zsk-lifetime: 30d
    cds-cdnskey-publish: rollover
Thank you,
-JP
--
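As an added example that is not part of either message in this thread, the script below sketches the manual KSK roll the policy above leaves to the operator (ksk-lifetime: 0, so Knot never rolls the KSK itself): generate a new KSK with keymgr, then set revoke/retire/remove timers on the old key spaced by the RFC 5011 hold-down. The zone name, the old key ID, the `ksk=yes` generate argument, the `+<n>d` relative timer syntax and the choice to revoke first and only retire/remove after a second hold-down are assumptions of this example, not something the thread confirms; KEYMGR defaults to `echo keymgr`, so by default it only prints the commands it would run.

```shell
#!/bin/sh
# Added example, not from the thread: dry-run planner for a manual KSK roll
# under a policy with ksk-lifetime: 0. Assumptions: zone name, old key ID,
# the "ksk=yes" generate argument and the "+<n>d" relative timer syntax.
# KEYMGR defaults to "echo keymgr", so nothing is executed unless you
# export KEYMGR=keymgr.

KEYMGR="${KEYMGR:-echo keymgr}"
RFC5011_HOLD_DOWN_DAYS=30   # RFC 5011 add/remove hold-down minimum

# Return 0 when a proposed hold-down (in days) satisfies RFC 5011.
hold_down_ok() {
  [ "$1" -ge "$RFC5011_HOLD_DOWN_DAYS" ]
}

# Emit the keymgr commands for rolling the KSK of zone $1 away from key ID $2,
# waiting $3 days between the RFC 5011 phases. Fails (and emits nothing) when
# the hold-down is too short, so a roll that RFC 5011 validators would not
# accept cannot be scheduled by accident.
plan_ksk_roll() {
  zone="$1"; old_key="$2"; days="$3"
  hold_down_ok "$days" || {
    echo "hold-down ${days}d is below the RFC 5011 minimum of ${RFC5011_HOLD_DOWN_DAYS}d" >&2
    return 1
  }
  remove_day=$((days * 2))
  # 1. Publish the new KSK now; RFC 5011 validators start their add hold-down.
  $KEYMGR "$zone" generate ksk=yes
  # 2. After the hold-down, mark the old KSK REVOKED but keep it published
  #    so validators can observe the revocation ...
  # 3. ... and only retire and remove it after a second hold-down.
  $KEYMGR "$zone" set "$old_key" \
    revoke="+${days}d" retire="+${remove_day}d" remove="+${remove_day}d"
}

# Usage (dry run): plan_ksk_roll example.com <old-key-id> 30
# With KEYMGR=keymgr exported, the same call really applies the timers.
```

Run it once without KEYMGR set to review the generated command lines, then re-run with `KEYMGR=keymgr` and the real key ID printed by `keymgr <zone> list`. The second hold-down before `remove` is what lets validators that follow RFC 5011 see the revoked key long enough to drop their trust anchor cleanly.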