From: Job Snijders <job@bsd.nl>
Subject: Re: rpki-client: SPKI in TALs
To: Theo Buehler <tb@theobuehler.org>
Cc: tech@openbsd.org
Date: Tue, 20 Jan 2026 12:50:05 +0000

On Tue, Jan 20, 2026 at 09:02:12AM +0100, Theo Buehler wrote:
> This is an almost entirely mechanical diff. The pkey hanging off
> struct tal always confuses me since pkey always makes me think of
> EVP_PKEY. The combo with pk and opk in a couple of functions makes
> this worse.
> 
> So: rename tal->pkey{,sz} to tal->spki{,sz} and pk/opk to pkey/opkey
> and adjust a couple of nearby comments. Update from RFC 7730 to RFC
> 8630 while there.

To me it is not immediately clear from the new (or old) variable names
'pkey' and 'opkey' what those variables might contain, perhaps the names
'tal_pkey' and 'cert_pkey' would've been more descriptive? Anyhow...

> There's one additional change: in tal_parse_buffer() we currently
> accept trailing garbage in the TAL (for example, you can just append
> AAAA to the Base64 encoded SPKI in any *.tal right now and we won't
> notice). Check that we consumed the full thing as we usually do. I'll
> land this separately.

yup

OK job