From: Theo Buehler <tb@theobuehler.org>
Subject: Re: rpki-client: revert trust anchor validity period check
To: Job Snijders <job@openbsd.org>
Cc: tech@openbsd.org
Date: Fri, 21 Mar 2025 19:33:30 +0100

On Fri, Mar 21, 2025 at 06:25:37PM +0000, Job Snijders wrote:
> Dear all,
> 
> Had a super interesting conversation with beck@ in which he convinced me
> that it'll be better to revert course here and go a different direction.
> 
> There is a lot of complexity around fetching RPKI TA certificates and
> automatically selecting one that probably^Hhopefully doesn't mess up the
> tree (such as the still-valid olden narrowly rfc3779-constrained trust
> anchor certificate issuances). Instead, we can work towards maintaining
> this aspect as a more traditional rootstore (/etc/rpki/certs.pem). 

I don't really follow the reasoning since one thing does not preclude
the other but I always hated this code, so I'm fine with removing it.