diff --git a/bin/confgen/tsig-keygen.rst b/bin/confgen/tsig-keygen.rst
index 7420bede43..5ecce5d0e1 100644
--- a/bin/confgen/tsig-keygen.rst
+++ b/bin/confgen/tsig-keygen.rst
@@ -27,9 +27,10 @@ Synopsis
 Description
 ~~~~~~~~~~~
 
-:program:`tsig-keygen` is an utility that generates keys for use in TSIG signing.
-The resulting keys can be used, for example, to secure dynamic DNS updates
-to a zone, or for the :iscman:`rndc` command channel.
+:program:`tsig-keygen` is an utility that generates keys for use with TSIG
+(Transaction Signatures) as defined in :rfc:`2845`. The resulting keys can be used,
+for example, to secure dynamic DNS updates to a zone, or for the :iscman:`rndc`
+command channel.
 
 A domain name can be specified on the command line to be used as the name
 of the generated key. If no name is specified, the default is ``tsig-key``.
diff --git a/bin/dnssec/dnssec-keygen.rst b/bin/dnssec/dnssec-keygen.rst
index 121ced4e02..cc721e0599 100644
--- a/bin/dnssec/dnssec-keygen.rst
+++ b/bin/dnssec/dnssec-keygen.rst
@@ -27,9 +27,7 @@ Description
 ~~~~~~~~~~~
 
 :program:`dnssec-keygen` generates keys for DNSSEC (Secure DNS), as defined in
-:rfc:`2535` and :rfc:`4034`. It can also generate keys for use with TSIG
-(Transaction Signatures) as defined in :rfc:`2845`, or TKEY (Transaction
-Key) as defined in :rfc:`2930`.
+:rfc:`2535` and :rfc:`4034`.
 
 The ``name`` of the key is specified on the command line. For DNSSEC
 keys, this must match the name of the zone for which the key is being