Mailing List Archive

From:: Job Snijders <job@openbsd.org>
Subject:: Re: rpki-client: allow UTF8String for BGPsec router cert subjects
To:: Theo Buehler <tb@theobuehler.org>
Cc:: tech@openbsd.org
Date:: Tue, 18 Nov 2025 13:37:11 +0000

Download raw body.

Thread

- 2025-11-18 13:25 Theo Buehler:
  rpki-client: allow UTF8String for BGPsec router cert subjects
- - 2025-11-18 13:31 Claudio Jeker:
    rpki-client: allow UTF8String for BGPsec router cert subjects

2025-11-18 13:37 Job Snijders:

rpki-client: allow UTF8String for BGPsec router cert subjects

2025-11-18 23:46 Avon Robertson:
rpki-client: allow UTF8String for BGPsec router cert subjects

OK job@

but,

On Tue, Nov 18, 2025 at 01:53:37PM +0100, Theo Buehler wrote:
>  			 * XXX - For some reason RFC 8209, section 3.1.1 decided
> -			 * to allow UTF8String for BGPsec Router Certificates.
> +			 * to allow UTF8String for the subject of BGPsec Router
> +			 * Certificates, although RECOMMENDED contents fit in
> +			 * a PrintableString.

Is the above comment really needed? Perhaps:

	/*
	 * RFC 8209, section 3.1.1 suggests UTF8String is permissible
	 * for the subject of BGPsec Router Certificates, but this
	 * implementation consciescly only supports PrintableString.
	 */

Kind regards,

Job

- 2025-11-18 13:25 Theo Buehler:
  rpki-client: allow UTF8String for BGPsec router cert subjects
- - 2025-11-18 13:31 Claudio Jeker:
    rpki-client: allow UTF8String for BGPsec router cert subjects

2025-11-18 13:37 Job Snijders:

rpki-client: allow UTF8String for BGPsec router cert subjects

2025-11-18 23:46 Avon Robertson:
rpki-client: allow UTF8String for BGPsec router cert subjects