> As for BGP, the rpki should fix that, though I'm told if I look I'll be sad (so I'm not looking).
Afaiu, it’s even worse than you might think: RPKI doesn’t actually secure BGP. It provides only origin validation (i.e. which ASes may use which IP blocks). It critically does not provide path validation (i.e. which ASes may provide transit for which other ASes). Which is kind of a big deal.
Afaiu, it’s even worse than you might think: RPKI doesn’t actually secure BGP. It provides only origin validation (i.e. which ASes may use which IP blocks). It critically does not provide path validation (i.e. which ASes may provide transit for which other ASes). Which is kind of a big deal.