bogdancyber via routing-wg wrote on 30/01/2026 23:32:
And the problem is that today's security in BGP is more reactive, it comes into play only after the attack is detected and damage is done. So I leave you here the link to the zenodo site where I posted my invention. https://zenodo.org/records/18421580
the premise here is that you analyse the propagation of routes with covering ROAs, and score ASNs depending on whether they propagate them or not. This is reasonable, and possibly useful. You've made two assumptions that are problematic: 1. that RPKI is the primary mechanism for blocking propagation of unauthorised announcements and 2. that a transiting network which implements RPKI is "safe, strict, and hard to abuse as a hijack-source". Neither of these are particularly true: IRRDB data still forms the primary front-line at the internet's edge, and ROAs will not stop anyone from hijacking a prefix if they can spoof the originating ASN. Nick