File: intro-fort.md

fort-validator 1.5.4-1+deb12u1
  • area: main
  • in suites: bookworm
  • size: 3,936 kB
  • sloc: ansic: 41,247; makefile: 234; javascript: 30; sh: 18; xml: 7
---
title: Introduction to Fort
description: FORT Validator is a command line application intended for UNIX operating systems, written in C.
---

# {{ page.title }}

## Design

Fort is an MIT-licensed RPKI Relying Party. It is a service that downloads the RPKI repositories, validates them in their entirety and serves the resulting ROAs for easy access by your routers.

![img/design.svg](img/design.svg)

The Validator is a timer that, [every once in a while](usage.html#--serverintervalvalidation), resynchronizes its [local cache of the RPKI Repository](usage.html#--local-repository), validates the resulting [certificate chains](intro-rpki.html) and stores the resulting valid ROAs in memory. The RTR [Server](usage.html#--serveraddress) (which is part of the same binary) delivers these ROAs to any requesting routers.

Fort is a command-line application intended for UNIX operating systems, written in C. (It requires a compiler that supports `-std=gnu11`.)
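To show what a router receives from the RTR server described above, here is an added example (not Fort's own code) that strictly parses one IPv4 Prefix PDU using the layout from RFC 8210, section 5.6. The names `vrp4`, `parse_ipv4_prefix_pdu` and `sample_pdu` are hypothetical, the sample bytes are constructed, and the host-bits check is extra strictness chosen for this example.

```c
#include <stdint.h>
#include <stdio.h>

struct vrp4 {                 /* one Validated ROA Payload, IPv4 */
	uint32_t prefix, asn;     /* host byte order */
	uint8_t prefix_len, max_len;
	int announce;             /* 1 = announcement, 0 = withdrawal */
};

/* Constructed sample: version 1, type 4, 192.0.2.0/24-24, AS64496, announce. */
static const uint8_t sample_pdu[20] = {
	0x01, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x14,  /* header, length 20 */
	0x01, 24, 24, 0x00, 192, 0, 2, 0,                /* flags, lengths, prefix */
	0x00, 0x00, 0xFB, 0xF0                           /* ASN 64496 */
};

static uint32_t be32(const uint8_t *p)
{
	return (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3];
}

/* Returns 0 on success, -1 if buf is not a well-formed IPv4 Prefix PDU. */
int parse_ipv4_prefix_pdu(const uint8_t *buf, size_t len, struct vrp4 *out)
{
	uint32_t mask;
	if (len < 20 || be32(buf + 4) != 20)
		return -1;            /* truncated, or wrong fixed length */
	if (buf[0] > 1 || buf[1] != 4)
		return -1;            /* only RTR version 0/1, PDU type 4 */
	out->announce = buf[8] & 1;
	out->prefix_len = buf[9];
	out->max_len = buf[10];
	if (out->prefix_len > out->max_len || out->max_len > 32)
		return -1;            /* lengths must nest and fit IPv4 */
	out->prefix = be32(buf + 12);
	mask = out->prefix_len ? 0xFFFFFFFFu << (32 - out->prefix_len) : 0;
	if (out->prefix & ~mask)
		return -1;            /* this example's choice: reject host bits */
	out->asn = be32(buf + 16);
	return 0;
}

int main(void)
{
	struct vrp4 v;
	int rc = parse_ipv4_prefix_pdu(sample_pdu, sizeof(sample_pdu), &v);
	if (rc == 0)
		printf("AS%u %08x/%u-%u\n", (unsigned)v.asn, (unsigned)v.prefix,
		       (unsigned)v.prefix_len, (unsigned)v.max_len);
	return rc ? 1 : 0;
}
```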

## Standards Compliance

Further information can be found in the subsections below.

| RFC                                                                        | Implemented |
|----------------------------------------------------------------------------|-------------|
| [3779](https://tools.ietf.org/html/rfc3779) (IP & AS Extensions)           | 100%        |
| [6350](https://tools.ietf.org/html/rfc6350) (vCard)                        | 0%          |
| [6482](https://tools.ietf.org/html/rfc6482) (ROA)                          | 100%        |
| [6486](https://tools.ietf.org/html/rfc6486) (Manifests)                    | 100%        |
| [6487](https://tools.ietf.org/html/rfc6487) (Resource Certificates & CRLs) | 100%        |
| [6488](https://tools.ietf.org/html/rfc6488) (Signed Objects)               | 100%        |
| [6493](https://tools.ietf.org/html/rfc6493) (Ghostbusters)                 | 100%        |
| [6810](https://tools.ietf.org/html/rfc6810) (RTR Version 0)                | 100%        |
| [7318](https://tools.ietf.org/html/rfc7318) (Policy Qualifiers)            | 100%        |
| [7935](https://tools.ietf.org/html/rfc7935) (RPKI algorithms)              | 100%        |
| [8182](https://tools.ietf.org/html/rfc8182) (RRDP)                         | 100%        |
| [8209](https://tools.ietf.org/html/rfc8209) (BGPSec Certificates)          | 0% (This code was [disabled](https://github.com/NICMx/FORT-validator/issues/58#issuecomment-941977925) in version 1.5.2) |
| [8210](https://tools.ietf.org/html/rfc8210) (RTR Version 1)                | 100%        |
| [8360](https://tools.ietf.org/html/rfc8360) (Validation Reconsidered)      | 100%        |
| [8416](https://tools.ietf.org/html/rfc8416) (SLURM)                        | 100%        |
| [8608](https://tools.ietf.org/html/rfc8608) (BGPsec algorithms)            | 100%        |
| [8630](https://tools.ietf.org/html/rfc8630) (TALs with HTTPS URIs)         | 100%        |

### RFC 6350 (vCard)

The vCard format is only used by Ghostbusters records. RFC 6350 defines the basic vCard format, while RFC 6493 defines additional requirements for Ghostbusters-specific vCards.

The Ghostbusters-specific validations (RFC 6493) have been implemented, while the basic vCard ones (RFC 6350) have not.

## TO-DO

- Reach 100% RFC compliance.
- Trigger revalidation and SLURM reload on SIGHUP.
- Configurable origin address for outgoing requests.