A few years ago I got cornered by an enthusiastic academic praising the beauties of his cryptography-based system that would (after replacing the whole Internet) solve all the supposed woes we’re facing with BGP today.
His ideas were technically sound, but probably won’t ever see widespread adoption – it doesn’t matter if you have great ideas if there’s not enough motivation to implement them (The Myths of Innovation is mandatory reading if you’re interested in these topics).
Here’s a pretty useful filter you can use when someone tries to tell you he solved a really hard problem:
- Find out all the prior proposed solutions (if the problem is worth solving, someone else probably tried to solve it before);
- Figure out whether the other solutions failed due to technical reasons (in which case there might be hope);
- If the prior solutions were technically feasible but weren’t accepted, there might be a business reason for that;
- If the proposed solution sufficiently changes the business model, there might be hope. Otherwise, move on.
Coming back to the BGP example:
- We had RPKI for years. Uptake was minimal until very recently when large ISPs started using it (NTT announcement) and owners of large parts of IP address space deployed ROA records. For more details, check MANRS participants.
- BGPsec was also developed years ago. Nobody even thinks about using it due to the additional compute overload it would create;
- There are tools to generate prefix lists from public routing databases. A very small percentage of ISPs cared enough about the quality of Internet routing to use them… until passionate engineers like Job Snijders started the MANRS community and created enough buzz and visibility to make Internet routing security relevant.
In case you’re wondering what’s wrong with the BGP world, Russ White nicely explained it in BGP Security: A Gentle Reminder that Networking Is Business. Have fun!
- Updated the RPKI status - it’s now used by large ISPs and content providers.