Quick fix for an early Internet problem lives on a quarter-century later (2015)

BGP was intended for a specific niche. Earlier, there was the ARPANET, operated by BBN out of Boston, and peripheral stuff connected to it. Early Internet thinking was that there was a &quot;core&quot; with its own routing protocol, and BGP was how the core communicated with small peripheral networks. BGP wasn&#x27;t intended as the core routing protocol.<p>Mutually mistrustful routing is hard. I wrote some stuff on this in the early 1980s. The best I came up with was a scheme where forgeries would be detected, and once the source of the forgeries had been kicked off the network, the system would heal itself. (Asymmetric cryptographic signing had been invented but wasn&#x27;t yet used or trusted.)

Related project: <a href="http:&#x2F;&#x2F;www.scion-architecture.net&#x2F;" rel="nofollow">http:&#x2F;&#x2F;www.scion-architecture.net&#x2F;</a><p>SCION is a BGP replacement that&#x27;s in development at the ETH Zurich network security group; it promises isolation of routing hijack attacks (by means of so-called &quot;isolation domains&quot;, planned to be grouped by jurisdiction AFAIK). It&#x27;s even already deployed in a bunch of places (edit: <a href="https:&#x2F;&#x2F;www.scion-architecture.net&#x2F;#deployment" rel="nofollow">https:&#x2F;&#x2F;www.scion-architecture.net&#x2F;#deployment</a>).<p>It also has cool extensions like SIBRA, which provides DDoS protection by means of bandwith reservation, and HORNET (which you might&#x27;ve heard of before), which is a high-speed anonymous communication network (which is sadly not yet available to the public in implemented&#x2F;working form).<p>Previous HN discussion on HORNET: <a href="https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=9930929" rel="nofollow">https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=9930929</a>

&gt; BGP won out because it was simple, solved the problem at hand and proved versatile enough to keep data flowing as the Internet doubled in size, again and again and again.<p>So if you want to replace it, make something that is equally simple and solves the new problem(s) at hand without un-solving the original one. If you don&#x27;t do that, people have no incentive to switch.<p>It sounds like the (vaguely described) new alternative is more complex. If it was better for business, things would have gravitated toward it quickly.

Similarly, UTF-8 was designed on a diner placemat.<p><a href="https:&#x2F;&#x2F;www.cl.cam.ac.uk&#x2F;~mgk25&#x2F;ucs&#x2F;utf-8-history.txt" rel="nofollow">https:&#x2F;&#x2F;www.cl.cam.ac.uk&#x2F;~mgk25&#x2F;ucs&#x2F;utf-8-history.txt</a>

There&#x27;s a motto in my department at work: Nothing is more permanent than a temporary solution.

&quot;Temporary is permanent.&quot;<p>&quot;Test is production.&quot;<p>These two mantras have saved me and coworkers from making stupid &quot;temporary&quot; fixes countless times through the years.

from 2015, discussion here back then: <a href="https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=9636141" rel="nofollow">https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=9636141</a>

A related, interesting read: <a href="https:&#x2F;&#x2F;security.stackexchange.com&#x2F;q&#x2F;56069&#x2F;15648-what-security-mechanisms-are-used-in-bgp-and-why-do-they-fail" rel="nofollow">https:&#x2F;&#x2F;security.stackexchange.com&#x2F;q&#x2F;56069&#x2F;15648-what-securi...</a>

BGP at 18 from the guy himself:<p><a href="https:&#x2F;&#x2F;m.youtube.com&#x2F;watch?v=_Mn4kKVBdaM" rel="nofollow">https:&#x2F;&#x2F;m.youtube.com&#x2F;watch?v=_Mn4kKVBdaM</a>

I get the feeling that the core Internet protocols (in the 80s and early 90s) were built by people who were like 75% sysadmins and 25% developers&#x2F;system architects. Typically sysadmins employed by US universities. (I don&#x27;t want to cast any shade on their accomplishments! They made brilliant things for the time.)<p>Then things got stuck because the Internet started hyper-scaling in the mid 90s.<p>This is just an outside observation though; it would obviously be great to hear any insider perspectives from people who were there.

Why isn&#x27;t the sensitive data sent encrypted?

IPv6?