On Tue, Nov 18, 2025 at 02:02:28PM +0100, Claudio Jeker wrote:
> Yes, SIDROPS is a headless chicken. Still I think it is their job to
> fix this inconsistency in the BGPsec spec.

I'll file an errata.

> > In any case, I think the current logic is error prone since this
> > mis-specification is about the subject. Can we do this small
> > refactor which is the bulk of the original diff?
> 
> Sorry, I forgot to add that I'm OK with your original diff. There is not
> much else we can do about this in rpki-client right now.

We should not put any effort in supporting UTF8String in the BGPsec
certificate context. Let's treat the commonName attribute in BGPsec
certs the same way we do in any other RPKI certificate types.

Kind regards,

Job