[DNSSEC-Transparency] Logging of DS removal

Hi, In an off-list conversation, it's been decided that logging of _removal_ of DS RRs would be useful. If those understanding why this should be done could explain what attack(s) this will detect, that'd be great. The next question is how this should be done in practice, in our current experiment. IIRC we decided in Yokohama that Paul would hack up an unbound to submit DS records it stumbled over, together with a chain of keys and signatures up to a trust anchor that the log had configured. I'm going to show my ignorance and ask how this would be detected and expressed while pointing out that "duh, NSEC*" is _not_ enough for me to understand. :) I do accept terse descriptions and pointers to relevant litterature though! Thanks, Linus