On Tue, Nov 18, 2025 at 01:18:21PM +0000, Job Snijders wrote:
> On Tue, Nov 18, 2025 at 02:02:28PM +0100, Claudio Jeker wrote:
> > Yes, SIDROPS is a headless chicken. Still I think it is their job to
> > fix this inconsistency in the BGPsec spec.
> 
> I'll file an errata.
> 
> > > In any case, I think the current logic is error prone since this
> > > mis-specification is about the subject. Can we do this small
> > > refactor which is the bulk of the original diff?
> > 
> > Sorry, I forgot to add that I'm OK with your original diff. There is not
> > much else we can do about this in rpki-client right now.
> 
> We should not put any effort in supporting UTF8String in the BGPsec
> certificate context. Let's treat the commonName attribute in BGPsec
> certs the same way we do in any other RPKI certificate types.

so you're ok with my second diff?