===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/75.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- www/75.html	2024/03/02 21:23:01	1.1
+++ www/75.html	2024/03/03 20:55:54	1.2
@@ -158,6 +158,7 @@
   <li>...
   </ul>
 
+
 <li>Routing daemons and other userland network improvements:
   <ul>
 
@@ -171,9 +172,46 @@
 	<li>...
   </ul>
 
-  <li><a href="https://man.openbsd.org/rpki-client.8">rpki-client(8)</a> saw some changes:
+  <li><a href="https://man.openbsd.org/rpki-client.8">rpki-client(8)</a> saw these and more changes:
   <ul>
-	<li>...
+	<li>Add ability to constrain an RPKI Trust Anchor's effective signing
+	authority to a limited set of Internet numbers. This allows Relying
+	Parties to enjoy the potential benefits of assuming trust, but within
+	a bounded scope.
+	<li>Following a 'failed fetch' (described in RFC 9286), emit a warning and
+	continue with a previously cached Manifest file.
+	<li>Emit a warning when the remote repository presents a Manifest with an
+	unexpected manifestNumber.
+	<li>Improved CRL extension checking.
+	<li>Experimental support for the P-256 signature algorithm.
+	<!-- 8.8. -->
+	<li>A failed manifest fetch could result in a NULL pointer dereference or
+	a use after free.
+	<li>Reject non-conforming RRDP delta elements that contain neither publish
+	nor a withdraw element and fall back to the RRDP snapshot.
+	<li>Refactoring and minor bug fixes in the warning display functions.
+	<!-- 8.9 -->
+	<li>The handling of manifests fetched via rsync or RRDP was reworked to
+	fully conform to RFC 9286.
+	<li>Fix a race condition between closing an idle connection and scheduling a
+	new request on it.
+	<li>The evaluation time specified with -P now also applies to trust anchor
+	certificates.
+	<li>Check that the entire CMS eContent was consumed. Previously, trailing
+	data would be silently discarded on deserialization of products.
+	<li>In file mode do not consider overclaiming intermediate CA certificates
+	as invalid.  OAA warning is still issued.
+	<li>Print the revocation time of certificates in file mode.
+	<li>Be more careful when converting OpenSSL numeric identifiers (NIDs)
+	to strings.
+	<!-- 9.0 -->
+	<li>Added support for RPKI Signed Prefix Lists.
+	<li>Added an -x flag to opt into parsing and evaluation of file types that are
+	still considered experimental.
+	<li>Added a metric to track the number of new files that were moved to the
+	validated cache.
+	<li>Ensure that the FileAndHashes list in a Manifest contains no duplicate
+	file names and no duplicate hashes.
   </ul>
 
   <li>In <a href="https://man.openbsd.org/smtpd.8">smtpd(8)</a>,