nanog mailing list archives

Re: "Is BGP safe yet?" test

From: Tom Beecher <beecher () beecher cc>
Date: Mon, 20 Apr 2020 11:31:51 -0400

( Speaking 100% for myself. )

I think it was tremendously irresponsible, especially in the context of
current events, to take a complex technical issue like this and frame it to
the general public as a 'safety' issue.

It's created articles like this :
https://www.wired.com/story/cloudflare-bgp-routing-safe-yet/ , which are
terrible because they imply that RPKI is just some simple thing that anyone
not doing is just lazy or stupid. Very few people will read to the bottom
note about vendors implementing RPKI support, or do any other research on
the issue and challenges that some companies face to do it. It's not their
job; that's ours.

I feel like there has been more momentum in getting more people to
implement PKI in the last 18-24 months. ( Maybe others with different
visibility have different opinions there. ) There are legitimate technical
and business reasons why this isn't just a switch that can be turned on,
and everyone in our industry knows that.

In my opinion, Mr. Prince is doing a great disservice by taking this
approach, and in the longer term RPKI adoption will likely be slower than
it would have been otherwise. I genuinely appreciate much of what
Cloudflare does for the sake of 'internet good' , but I believe they wildly
missed the mark here.

On Mon, Apr 20, 2020 at 11:09 AM Andrey Kostin <ankost () podolsk ru> wrote:

Hi Nanog list,

Would be interesting to hear your opinion on this:
https://isbgpsafeyet.com/

We have cases when residential customers ask support "why is your
service isn't safe?" pointing to that article. It's difficult to answer
correctly considering that the asking person usually doesn't know what
BGP is and what it's used for, save for understanding it's function,
design and possible misuses.
IMO, on one hand it promotes and is aimed to push RPKI deployment, on
the other hand is this a proper way for it? How ethical is to claim
other market players unsafe, considering that scope of possible impact
of not implementing it has completely different scale for a small stub
network and big transit provider?

Kind regards,
Andrey

Current thread:

Re: "Is BGP safe yet?" test, (continued)
- - Re: "Is BGP safe yet?" test Randy Bush (Apr 20)
    - Re: "Is BGP safe yet?" test Amir Herzberg (Apr 20)
    - Re: "Is BGP safe yet?" test Job Snijders (Apr 20)
    - Re: "Is BGP safe yet?" test Baldur Norddahl (Apr 20)
    - Re: "Is BGP safe yet?" test Saku Ytti (Apr 20)
    - Re: "Is BGP safe yet?" test Baldur Norddahl (Apr 20)
    - Re: "Is BGP safe yet?" test Andrey Kostin (Apr 21)
    - Re: "Is BGP safe yet?" test Randy Bush (Apr 21)
    - Re: "Is BGP safe yet?" test Mark Tinka (Apr 21)
    - Re: "Is BGP safe yet?" test Randy Bush (Apr 21)
- Re: "Is BGP safe yet?" test Tom Beecher (Apr 20)
  - Re: "Is BGP safe yet?" test Cummings, Chris (Apr 20)
    - Re: "Is BGP safe yet?" test Tom Beecher (Apr 20)
    - Re: "Is BGP safe yet?" test Mark Tinka (Apr 20)
    - Re: "Is BGP safe yet?" test Tom Beecher (Apr 20)
    - Re: "Is BGP safe yet?" test Mark Tinka (Apr 20)
    - Re: "Is BGP safe yet?" test Andrey Kostin (Apr 20)
    - Re: "Is BGP safe yet?" test Denys Fedoryshchenko (Apr 20)
    - Re: "Is BGP safe yet?" test Rubens Kuhl (Apr 20)
    - Re: "Is BGP safe yet?" test Denys Fedoryshchenko (Apr 20)
    - Re: "Is BGP safe yet?" test Andrey Kostin (Apr 20)

(Thread continues...)