Introduction to Fort
Design
Fort is an MIT-licensed RPKI Relying Party. It is a service that downloads the RPKI repositories, validates them in their entirety and serves the resulting ROAs for easy access by your routers.
The Validator is a timer that, every once in a while, resynchronizes its local cache of the RPKI Repository, validates the resulting certificate chains and stores the resulting valid ROAs in memory. The RTR Server (which is part of the same binary) delivers these ROAs to any requesting routers.
Fort is a command-line application intended for UNIX operating systems, written in C.
Roadmap
Issue | Title | Urgency | Due release |
---|---|---|---|
issue82 | Reach 100% RFC 9286 compliance | Critical | 2.0.0 |
issue112 | Enforce same origin for RRDP files | High | 2.0.0 |
issue149 | Lock the cache during updates | High | 2.0.0 |
issue113 | Detect and properly respond to subtler RRDP session desynchronization | Medium | 2.0.0 |
issue124 | Atomize output files (--output.roa and --output.bgpsec) | Medium | 2.0.0 |
issue114 | Support automatic TA key rollover | Very High | 2.0.1 |
issue50 | Provide prometheus endpoint | Very High | 2.0.2 |
issue58 | Fort’s validation produces no router keys | Very High | 2.0.3 |
issue116 | SLURM review | High | - |
issue118 | Implement validation re-reconsidered | High | - |
issue119 | Review IRIs to file names transition | High | - |
issue120 | Error messages review | High | - |
issue121 | Refactor validation and operation logging | High | - |
issue72 | Encrypt RTR | Medium | - |
issue73 | Minimize probability of RTR session ID and serial reuse | Medium | - |
issue90 | Add “metadata” section to json output | Medium | - |
issue91 | Add “ta” field to ROAs in json output | Medium | - |
issue97 | Add “incidence” fields for every nonfatal RFC incompliance | Medium | - |
issue117 | Warn on maxLength defined on SLURM | Medium | - |
issue125 | ASN.1 review | Medium | - |
issue126 | Exhaustive URL validation | Medium | - |
issue127 | Stream RRDP files | Medium | - |
issue128 | Reuse TCP connections for HTTP requests to same server | Medium | - |
issue129 | Rethink the thread pools | Medium | - |
issue130 | Improve documentation | Medium | - |
issue151 | [Enhancement]: Add ability to set ACLs for router connections | Medium | - |
issue152 | compliance issue: Fort accepts GeneralizedTime with fractional seconds | Medium | - |
issue153 | Not enforcing DER encoding | Medium | - |
issue40 | failure scenarios, monitoring and glibc recommendations | Low | - |
issue42 | reload feature: restart validation on SIGHUP | Low | - |
issue70 | Do a quick temporary offline validation to prevent No Data Available | Low | - |
issue123 | New invocation mode: Validate single file | Low | - |
issue131 | Implement vCard validation | Low | - |
issue132 | Implement RTRv2 | Low | - |
issue134 | Add support RFC 9589 (On the Use of the CMS Signing-Time Attribute in RPKI Signed Objects) | Low | - |