FORT is not 100% RFC 6486 compliant. Having a certain degree of tolerance to missing, invalid or stale manifests involves a significantly more elaborate framework than a flag that globally allows dates to mismatch.
If a correct manifest becomes an invalid manifest an iteration later, the RP is supposed to attempt to fall back to the old manifest. Sample 6486 quote:
In the case where the RP has access to a local cache of previously
issued (valid) manifests, an RP MAY make use of that locally cached
data. Specifically, the RP MAY use the locally cached, most recent,
previously issued, valid manifest issued by the entity that (appears
to have) issued the invalid manifest.
Though it's spelled as a MAY, the reality is that not falling back to old versions prunes entire branches off the repository, which can lead to catastrophic ROA deficits.
Please note: 6486-bis already exists, so that's going to need attention too.
Mistake.
Thanks to Ties de Kock for reporting this.
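A simplified model of the fallback behaviour this issue asks for, added here as an illustration; it is not FORT's code. The `Manifest` class, the `walk` and `run` functions, the CA names and the ROA strings are all constructed for the example, and the validity of each manifest is assumed to have been decided elsewhere.

```python
from dataclasses import dataclass, field

@dataclass
class Manifest:
    valid: bool                                   # outcome of the RP's manifest checks (assumed)
    roas: list = field(default_factory=list)      # ROAs listed by this manifest
    children: list = field(default_factory=list)  # child CAs listed by this manifest

def walk(ca, fetched, cache, fallback):
    """Collect the ROAs reachable from `ca` in one validation iteration.

    fetched: manifests downloaded in this iteration (a CA may be missing)
    cache:   most recent valid manifest seen per CA, kept across iterations
    """
    mft = fetched.get(ca)
    if mft is not None and mft.valid:
        cache[ca] = mft          # remember the latest valid manifest
    elif fallback and ca in cache:
        mft = cache[ca]          # missing/invalid: reuse the cached valid one
    else:
        return set()             # no fallback: the whole branch is pruned
    roas = set(mft.roas)
    for child in mft.children:
        roas |= walk(child, fetched, cache, fallback)
    return roas

# Constructed sample tree: TA -> CA-1 -> CA-2, one ROA at each level.
ITERATION_1 = {
    "TA": Manifest(True, ["192.0.2.0/24 AS64496"], ["CA-1"]),
    "CA-1": Manifest(True, ["198.51.100.0/24 AS64497"], ["CA-2"]),
    "CA-2": Manifest(True, ["203.0.113.0/24 AS64498"]),
}
# One iteration later CA-1 publishes a manifest that fails validation.
ITERATION_2 = {**ITERATION_1, "CA-1": Manifest(False)}

def run(fallback):
    """Run both iterations with a shared cache; return the ROA set of each."""
    cache = {}
    first = walk("TA", ITERATION_1, cache, fallback)
    second = walk("TA", ITERATION_2, cache, fallback)
    return first, second

if __name__ == "__main__":
    for fallback in (False, True):
        first, second = run(fallback)
        print(f"fallback={fallback}: {len(first)} ROAs, then {len(second)} ROAs")
```

Without fallback, the invalid CA-1 manifest also removes CA-2's ROA, even though CA-2's own manifest is still valid.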