Introduction to Fort

Design

Fort is an MIT-licensed RPKI Relying Party. It is a service that downloads the RPKI repositories, validates them in their entirety and serves the resulting ROAs to your routers.

[Figure: Fort design diagram (img/design.svg)]

The Validator runs on a timer: periodically, it resynchronizes its local cache of the RPKI Repository, validates the resulting certificate chains and stores the valid ROAs in memory. The RTR Server (which is part of the same binary) delivers these ROAs to any requesting routers.

Fort is a command-line application intended for UNIX operating systems, written in C.

Roadmap

| Issue | Title | Urgency | Due release |
|---|---|---|---|
| issue82 | Reach 100% RFC 9286 compliance | Critical | 2.0.0 |
| issue112 | Enforce same origin for RRDP files | High | 2.0.0 |
| issue149 | Lock the cache during updates | High | 2.0.0 |
| issue113 | Detect and properly respond to subtler RRDP session desynchronization | Medium | 2.0.0 |
| issue124 | Atomize output files (--output.roa and --output.bgpsec) | Medium | 2.0.0 |
| issue114 | Support automatic TA key rollover | Very High | 2.0.1 |
| issue50 | Provide prometheus endpoint | Very High | 2.0.2 |
| issue58 | Fort’s validation produces no router keys | Very High | 2.0.3 |
| issue116 | SLURM review | High | - |
| issue118 | Implement validation re-reconsidered | High | - |
| issue119 | Review IRIs to file names transition | High | - |
| issue120 | Error messages review | High | - |
| issue121 | Refactor validation and operation logging | High | - |
| issue72 | Encrypt RTR | Medium | - |
| issue73 | Minimize probability of RTR session ID and serial reuse | Medium | - |
| issue90 | Add “metadata” section to json output | Medium | - |
| issue91 | Add “ta” field to ROAs in json output | Medium | - |
| issue97 | Add “incidence” fields for every nonfatal RFC incompliance | Medium | - |
| issue117 | Warn on maxLength defined on SLURM | Medium | - |
| issue125 | ASN.1 review | Medium | - |
| issue126 | Exhaustive URL validation | Medium | - |
| issue127 | Stream RRDP files | Medium | - |
| issue128 | Reuse TCP connections for HTTP requests to same server | Medium | - |
| issue129 | Rethink the thread pools | Medium | - |
| issue130 | Improve documentation | Medium | - |
| issue151 | [Enhancement]: Add ability to set ACLs for router connections | Medium | - |
| issue152 | compliance issue: Fort accepts GeneralizedTime with fractional seconds | Medium | - |
| issue153 | Not enforcing DER encoding | Medium | - |
| issue40 | failure scenarios, monitoring and glibc recommendations | Low | - |
| issue42 | reload feature: restart validation on SIGHUP | Low | - |
| issue70 | Do a quick temporary offline validation to prevent No Data Available | Low | - |
| issue123 | New invocation mode: Validate single file | Low | - |
| issue131 | Implement vCard validation | Low | - |
| issue132 | Implement RTRv2 | Low | - |
| issue134 | Add support RFC 9589 (On the Use of the CMS Signing-Time Attribute in RPKI Signed Objects) | Low | - |