dkg

fwiw, this looks like it needs to be resolved to fix [problems with debian's autopkgtest suite and multiple crates](https://gitlab.com/sequoia-pgp/sequoia/issues/386).

i'm also seeing this problem. I think the workaround is even simpler: just feed it through a simple ffmpeg passthrough: ``` ffmpeg -i original.ogv -c copy cleaned.ogv ```

take a look at #20 please, i think it might address this concern. @jspark311, can you verify?

sure, but this is precisely the sort of thing that some people are interested in for this extension -- "to what nations is my traffic flowing when i visit this...

I'm seeing the same problem here, which makes it difficult to use asn1c to handle anything that depends on RFC 5912 as well.

To be specific, i'm running into this problem while trying to add support for x25519 and Ed25519 (from [rfc 8410](https://datatracker.ietf.org/doc/html/rfc8410)) to [certlint](https://github.com/certlint/certlint), which depends on asn1c.

@brchiu, do you have any suggestion for how to adapt `asn1p_y.y` to support `versionNumber` inside `[[` and `]]`? Looks like it has to do with `TOK_VBracketLeft` and `TOK_VBracketRight`, those only...

Hi @jprenken -- I agree that CAA extensions are the right mechanism (i linked to RFC 8657 in the original report). Can the specific account that is registered set an...

a BGP hijack shouldn't be capable of overriding a DNSSEC-signed CAA, right? is failed DNSSEC validation a "fail open" scenario or a "fail closed" scenario? I agree that registry takeover...

Thanks for talking this through with me, @jsha. I'm glad to hear that a DNSSEC-signed zone will hard-fail on the CAA check, that seems like the right thing to do....