From: "Theo de Raadt" <deraadt@openbsd.org>
Subject: Re: rpki-client: detect & reject "AS0 TALs"
To: Job Snijders <job@openbsd.org>
Cc: tech@openbsd.org
Date: Fri, 29 Nov 2024 08:32:28 -0700

Job Snijders <job@openbsd.org> wrote:

> Following the above advice, the below diff makes it so that, by default,
> rpki-client will omit AS0 TAL information from its validated ROA payload
> outputs. Operators who believe they truly need AS0 TAL output will have
> to use the '-x' (experimental) option.

I fear that the -x option will eventually become a useful crutch to block
other behaviours.  Maybe this should be -0, to be more be explicit about
this AS0 issue.  In the manual page, AS0 support being tied to a specific
flag called -0 makes it easier to make the public aware of this problem
and the decision for AS0 non-support.