On Tue, Nov 18, 2025 at 02:25:12PM +0100, Theo Buehler wrote:
> On Tue, Nov 18, 2025 at 01:18:21PM +0000, Job Snijders wrote:
> > On Tue, Nov 18, 2025 at 02:02:28PM +0100, Claudio Jeker wrote:
> > > Yes, SIDROPS is a headless chicken. Still I think it is their job to
> > > fix this inconsistency in the BGPsec spec.
> > 
> > I'll file an errata.
> > 
> > > > In any case, I think the current logic is error prone since this
> > > > mis-specification is about the subject. Can we do this small
> > > > refactor which is the bulk of the original diff?
> > > 
> > > Sorry, I forgot to add that I'm OK with your original diff. There is not
> > > much else we can do about this in rpki-client right now.
> > 
> > We should not put any effort in supporting UTF8String in the BGPsec
> > certificate context. Let's treat the commonName attribute in BGPsec
> > certs the same way we do in any other RPKI certificate types.
> 
> so you're ok with my second diff?

You can have an OK claudio@ on that one :) 

-- 
:wq Claudio