<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<br>
<br>
<div class="moz-cite-prefix">On 31/Jul/20 16:29, Mike Hammett wrote:<br>
</div>
<blockquote type="cite"
cite="mid:1184794989.8596.1596205785121.JavaMail.mhammett@Thunderfuck2">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style type="text/css">p { margin: 0; }</style>
<div style="font-family: arial,helvetica,sans-serif; font-size:
10pt; color: #000000">They solve a need that isn't reasonably
solved any other way that doesn't have similar drawbacks.
<div><br>
</div>
<div>Some optimizers need to be redesigned to be safer by
default.</div>
<div><br>
</div>
<div>Some networks need to be safer by default as well.<br>
</div>
</div>
</blockquote>
<br>
Almost every product ever made does solve a need. You will find at
least one customer who is happy with what they paid their money for.<br>
<br>
But BGP-4 is vulnerable enough as it is, and the Internet has moved
on in leaps and bounds since 1994 (RFC 1654).<br>
<br>
Until we see BGP-5, we need to look after our community. And if that
means holding the BGP optimizers to a higher standard, so be it.<br>
<br>
As they say, "You can't blame a monkey for botching a brain
surgery".<br>
<br>
Plenty of industries strongly "guide" (I'll avoid "regulate") their
actors to ensure standards and results (medicine, aviation, energy,
construction, e.t.c.). If the acceptance bar to a BGP actor is an
optional CCNA or JNCIA certification, we shall learn the hard way,
as we did with this and similar incidents.<br>
<br>
Mark.<br>
</body>
</html>