Alex Gaynor

I've placed it in the 38th milestone, we can review the state (release + download numbers for aws-encryption-sdk) then.

for future reference, commit where this was removed: https://github.com/aws/aws-encryption-sdk-python/commit/d3c763821c356e6a64ed681919f189b0340d0865 not yet in a release

Now in a release, but uptake of that release is slow. DATE_SUB(CURRENT_DATE(), INTERVAL 90 DAY) GROUP BY yyyymm ORDER BY yyyymm DESC ```

There are no updates on this effort that are not represented on this issue.

Correct on both counts!

Next steps here: - [x] pyopenssl release - [ ] all downstreams dependency range includes new pyopenssl release

Unfortunately accessing the certificates from ICAO requires agreeing to a terms & conditions that, to my non-lawyer, read is incompatible with an open source license, so we can't use them...

The requirement for lexicographical order of SETs isn't part of the X.509 RFCs, it's part of the definition of ASN.1 DER itself. Before we can consider what potential workarounds are...

Here are the relevant X.509 structures from RFC 5280: ``` Name ::= CHOICE { -- only one possibility for now -- rdnSequence RDNSequence } RDNSequence ::= SEQUENCE OF RelativeDistinguishedName RelativeDistinguishedName...

The vendor is definitely capable of doing this with a firmware upgrade. But I think it's quite likely they wouldn't, because it'd be a more compilcated update.