On 31/Jul/20 16:29, Mike Hammett wrote:
They solve a need that isn't reasonably solved any other way that doesn't have similar drawbacks.

Some optimizers need to be redesigned to be safer by default.

Some networks need to be safer by default as well.

Almost every product ever made does solve a need. You will find at least one customer who is happy with what they paid their money for.

But BGP-4 is vulnerable enough as it is, and the Internet has moved on in leaps and bounds since 1994 (RFC 1654).

Until we see BGP-5, we need to look after our community. And if that means holding the BGP optimizers to a higher standard, so be it.

As they say, "You can't blame a monkey for botching a brain surgery".

Plenty of industries strongly "guide" (I'll avoid "regulate") their actors to ensure standards and results (medicine, aviation, energy, construction, e.t.c.). If the acceptance bar to a BGP actor is an optional CCNA or JNCIA certification, we shall learn the hard way, as we did with this and similar incidents.

Mark.