← spork

Roadmap.

Spork is alpha software. This page describes what has shipped, what is actively being worked on, and what comes next. Dates are estimates, not commitments.

Shipped

Capabilities available in current alpha builds:

• CA hierarchy — root and issuing CA creation, chain validation, path-length and name-constraint enforcement
• ML-DSA-65 / ML-DSA-87 — FIPS 204 lattice signatures throughout the chain
• SLH-DSA-SHA2-128s / 192s / 256s — FIPS 205 hash-based signatures
• Classical algorithms — ECDSA P-256 / P-384, RSA 2048–4096, Ed25519 (RFC 8032)
• ACME server (spork-acme) — RFC 8555 core flows; http-01, dns-01, tls-alpn-01 challenges; CAA validation (RFC 8659); admin dashboard; CRL lifecycle management; CA lockdown; subscriber agreement
• ACME, EST, SCEP enrollment clients — built in to the spork CLI
• CRL generation and OCSP responder
• Certificate linting engine — 11+ security checks
• Universal PKI file viewer — auto-detects certificates, keys, CSRs, CRLs
• TLS probing — PQC hybrid detection via spork-probe
• spork-shell — interactive REPL for CA management
• Standalone ACME installer — self-extracting archive, SHA3-256 + Ed25519 verified

In progress

• Certbot-style automation (spork acme certonly, install, renew, rollback)
• ACME enrollment controls and certificate templates
• Portable demo CA — single archive, extract, run, no setup wizard required
• Documentation expansion

Next

Planned for the near term, in rough priority order:

• Windows CA integration — Spork as subordinate issuing CA under a Windows AD CS root; Windows CA as subordinate under a Spork root; cross-certification; LDAP / Active Directory integration
• CT log submission
• SSH CA mode
• Windows native client
• Protocol conformance and interoperability testing (ACME, EST, SCEP)
• Audit logging improvements

Later

• Scale and HA — PostgreSQL and MySQL backends, high-availability clustering, Prometheus metrics, load testing
• REST API — stable, versioned API for programmatic management
• Hardening — third-party security audit, API stability guarantees, Certificate Transparency integration, migration tools, complete documentation
• macOS and Windows builds (demand-gated)

Licensing

Spork is licensed under BSL 1.1 (Business Source License). Evaluation and testing are free with no time limit. Production deployments require a commercial license; contact licensing@quantumnexum.com for terms.

Feedback

Bug reports and feature requests go to support@quantumnexum.com. Security issues go to security@quantumnexum.com. General questions about Spork or enterprise deployments go to hello@quantumnexum.com.