Posting without thinking and getting Slashdotted

So. I get it. Encryption is good for everything, even BGP. But your Slashdotted blog post is somewhat irresponsible and leads to some unnecessary support phone calls (in this case for/to me).

Firstly, the whole BGP RPKI thing is of dubious value to a small ISP. In general, with a small number of “very large” upstreams and maybe an exchange or two, the validation is more pertinent to the large ISPs and exchanges.

That all said, I’m always willing to implement new security things. Going down the rabbit hole, there are a number of missing points to your blog post that will vastly slow adoption. At least, you need:

  1. A step-by-step “create your certificate, sign your CIDRs and upload that info here” thing. I realize this is complicated by registries, but at least the first part.

  2. You need to broaden your software appeal. At least one of you on the blog post works with OpenBSD… and yet I don’t see anything in ports. FRR seems to support librtr and some export of data, but I can’t find any easy bit of management for the “lookup cache” bit.

  3. An acknowledgement that (for instance) FRR or Quagga is in this fight too.
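For readers following item 2 above, here is a minimal FRR bgpd configuration that points the router at an RPKI-RTR cache and uses the validation state in an inbound route-map. This is an added example, not code from the post, the blog post it replies to, or the FRR project; it assumes a bgpd built with librtr (the `--enable-rpki` build option), an RTR cache already running on the validator host (for instance rpki-client feeding an RTR server), the longstanding `rpki cache HOST PORT preference N` form of the cache command (FRR 10 changed this to `rpki cache tcp ...`, so check `bgpd --version` and the matching docs), and documentation-reserved placeholder addresses and ASNs.

```frr
! Added example: FRR bgpd RPKI configuration (not from the original post).
! Assumes bgpd built with librtr; 192.0.2.10 / 198.51.100.10 are placeholder
! RTR cache servers, 3323 is the unencrypted RTR port from RFC 8210.
rpki
 ! how often bgpd polls the cache for VRP (ROA payload) updates, in seconds
 rpki polling_period 300
 ! two caches; the lower preference value is tried first, the other is a fallback
 rpki cache 192.0.2.10 3323 preference 1
 rpki cache 198.51.100.10 3323 preference 2
exit
!
! Inbound policy: the safe default is to reject invalid, keep valid and notfound.
! Dropping notfound would throw away most of the table today, which is why
! the sequence below only de-prefers it.
route-map RPKI-IN deny 10
 match rpki invalid
exit
route-map RPKI-IN permit 20
 match rpki notfound
 set local-preference 50
exit
route-map RPKI-IN permit 30
 match rpki valid
 set local-preference 100
exit
!
router bgp 64496
 ! placeholder upstream peer in AS 64497
 neighbor 192.0.2.1 remote-as 64497
 address-family ipv4 unicast
  neighbor 192.0.2.1 route-map RPKI-IN in
 exit-address-family
exit
!
! Operational checks from vtysh once the cache is up:
!   show rpki cache-connection       - which cache bgpd is actually synced with
!   show rpki prefix-table           - the VRPs currently loaded (the "lookup cache")
!   show rpki prefix 192.0.2.0/24    - VRPs covering one prefix, for spot checks
```

The route-map ordering matters: `match rpki invalid` must be evaluated before the permit entries, and any prefix that matches none of the three states (which should not happen once the cache is connected) falls off the end of the route-map and is denied, so watch `show rpki cache-connection` after a cache restart before assuming the policy is behaving.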
