<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<br>
<br>
<div class="moz-cite-prefix">On 2/Aug/20 01:44, Ryan Hamel wrote:<br>
</div>
<blockquote type="cite"
cite="mid:8B4B5E01-4CF3-4421-93BA-BB039BEC7949@getmailspring.com">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<div>Matt,</div>
<br>
<div><font style="font-size:14.5px"><font
style="font-family:Nylas-Pro, Helvetica, "Lucidia
Grande", sans-serif">Why are you blaming the ease of
use on the vendor, for the operators lack of knowledge
regarding BGP? That is like blaming a vehicle manufacturer
for a person pressing the gas pedal in a car and not giving
a toss about the rules of the road. The base foundation
regarding the rules of the road mostly apply the same for
driving a car, truck, bus, and semi/lorry truck. There is no
excuse for ignorance just because the user interface is
different (web browser vs. SSH client).</font></font></div>
</blockquote>
<br>
Actually, there is.<br>
<br>
One has to actually acquire knowledge about not only driving a car,
but driving it in public. That knowledge is then validated by a
gubbermint-sanctioned driver's license test. If you fail, you aren't
allowed to drive. If you are caught driving without a driver's
license, you pay the penalty.<br>
<br>
There is no requirement for a license in order to run power into a
router and hook it up to the Internet. This is the problem I have
with the current state of how we support BGP actors.<br>
<br>
<blockquote type="cite"
cite="mid:8B4B5E01-4CF3-4421-93BA-BB039BEC7949@getmailspring.com">
<div>Adding a take on this, there are kids born after 9/11, with
IP allocations and ASNs experimenting in the DFZ right now. If
they can make it work, and not cause harm to other members in
this community, it clearly demonstrates a lack of knowledge, or
honest human error (which will never go away).</div>
</blockquote>
<br>
We should not be celebrating this.<br>
<br>
<br>
<blockquote type="cite"
cite="mid:8B4B5E01-4CF3-4421-93BA-BB039BEC7949@getmailspring.com"><br>
<div><font style="font-size:14.5px"><font
style="font-family:Nylas-Pro, Helvetica, "Lucidia
Grande", sans-serif">Anything that can be used, can be
misused. With that said, why shouldn't ALL BGP software
implementations encourage best practice? They decided RPKI
validation was a good thing.</font></font></div>
</blockquote>
<br>
The larger question is we should find a way to make our industry
genuinely qualification-based, and not "free for all that decides
they want to try it out".<br>
<br>
I don't yet know how to do that, but we certainly need to start
thinking more seriously about it. Kids born after 9/11 successfully
experimenting on a global network is not where the bar ought to be.<br>
<br>
Mark.<br>
</body>
</html>