diff --git a/procedures/key-rotation.txt b/procedures/key-rotation.txt index c303cc0..b8eb451 100644 --- a/procedures/key-rotation.txt +++ b/procedures/key-rotation.txt @@ -15,9 +15,10 @@ Assumes: 3. Sign DNSKEY RRs with KSK 4. Sign rest of the zone with ZSK_c 5. Publish signed zones, which includes: - - DNSKEY RRs for ZSK_c and ZSK_n signed by KSK + - DNSKEY RRs for ZSK_p, ZSK_c and ZSK_n signed by KSK - Every other RR signed by ZSK_c - - Does not include ZSK_p DNSKEY RR nor any RRSIG signed by ZSK_p + - Does not include any RRSIG signed by ZSK_p +6. After cache expires, delete ZSK_p DNSKEY RR. NSEC3PARAM ----------
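Review bot: step 6 ("After cache expires, delete ZSK_p DNSKEY RR") is too vague to be followed safely; the point of keeping the ZSK_p DNSKEY RR published (the change in step 5) is that RRSIGs signed by ZSK_p may still sit in resolver caches, so the wait before deletion must be at least the largest TTL of any RRset that was signed by ZSK_p (plus the DNSKEY RRset's own TTL and propagation time), not merely the DNSKEY TTL. Suggest stating the bound explicitly, e.g. "6. Once the longest TTL of any RR previously signed by ZSK_p has elapsed since the last publication of such RRSIGs, remove the ZSK_p DNSKEY RR." Step 6 should also say that removing ZSK_p changes the DNSKEY RRset, so it has to be re-signed with the KSK (step 3) and republished (step 5), otherwise the published DNSKEY RRSIG no longer matches the RRset.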