Introduction to Fort
Design
Fort is an MIT-licensed RPKI Relying Party. It is a service that downloads the RPKI repositories, validates their entirety and serves the resulting ROAs for easy access by your routers.
The Validator is a timer that, every once in a while, resynchronizes its local cache of the RPKI Repository, validates the resulting certificate chains and stores the resulting valid ROAs in memory. The RTR Server (which is part of the same binary) delivers these ROAs to any requesting routers.
Fort is a command-line application intended for UNIX operating systems, written in C.
Roadmap
| Issue | Title | Urgency | Due release |
|---|---|---|---|
| issue82 | Reach 100% RFC 9286 compliance | Critical | 1.7.0 |
| issue112 | Enforce same origin for RRDP files | High | 1.7.0 |
| issue113 | Detect and properly respond to subtler RRDP session desynchronization | Medium | 1.7.0 |
| issue114 | Support automatic TA key rollover | Very High | 1.7.1 |
| issue50 | Provide prometheus endpoint | Very High | 1.7.2 |
| issue58 | Fort’s validation produces no router keys | Very High | 1.7.3 |
| issue116 | SLURM review | High | - |
| issue118 | Implement validation re-reconsidered | High | - |
| issue119 | Review IRIs to file names transition | High | - |
| issue120 | Error messages review | High | - |
| issue121 | Refactor validation and operation logging | High | - |
| issue72 | Encrypt RTR | Medium | - |
| issue73 | Minimize probability of RTR session ID and serial reuse | Medium | - |
| issue90 | Add “metadata” section to json output | Medium | - |
| issue91 | Add “ta” field to ROAs in json output | Medium | - |
| issue97 | Add “incidence” fields for every nonfatal RFC incompliance | Medium | - |
| issue117 | Warn on maxLength defined on SLURM | Medium | - |
| issue124 | Atomize output files (--output.roa and --output.bgpsec) |
Medium | - |
| issue125 | ASN.1 review | Medium | - |
| issue126 | Exhaustive URL validation | Medium | - |
| issue127 | Stream RRDP files | Medium | - |
| issue128 | Reuse TCP connections for HTTP requests to same server | Medium | - |
| issue129 | Rethink the thread pools | Medium | - |
| issue130 | Improve documentation | Medium | - |
| issue40 | failure scenarios, monitoring and glibc recommendations | Low | - |
| issue42 | reload feature: restart validation on SIGHUP | Low | - |
| issue70 | Do a quick temporary offline validation to prevent No Data Available |
Low | - |
| issue123 | New invocation mode: Validate single file | Low | - |
| issue131 | Implement vCard validation | Low | - |
| issue132 | Implement RTRv2 | Low | - |
| issue134 | Implement draft-ietf-sidrops-cms-signing-time | Low | - |