The Internet’s Trusty, But Outdated, Postal Service
Think of the Border Gateway Protocol (BGP) as the internet's global postal service. When you send an email or visit a website, BGP figures out the best path for your data to travel across the vast network of networks that make up the internet. It was
designed in a simpler, more trusting era—a time when the internet was a small community of academic and government institutions. The protocol's foundational principle was essentially trust; it assumes that every network operator is telling the truth about the routes they control. For decades, this has worked remarkably well, allowing the internet to scale from a niche project to a global utility. But that trust is now its greatest weakness.
Hijackers on the Information Superhighway
Because BGP was built on trust, it has no built-in way to verify that a network operator truly owns the digital addresses they claim to. This creates a massive vulnerability known as BGP hijacking. A malicious or incompetent operator can simply announce a false route, effectively putting up fake road signs on the internet. Traffic intended for a bank or a major website can be rerouted through the hijacker's servers, where it can be monitored, manipulated, or simply dropped, causing a major outage. These aren't just theoretical risks; BGP hijacks have been used to steal cryptocurrency, redirect traffic to nation-states for espionage, and knock essential services offline. Recent incidents in 2025 and 2026 have continued to expose vulnerabilities in the routers that manage these critical tasks.
The Two Big Fixes on the Table
Engineers have developed two primary solutions to plug BGP's security holes, and this is where the disagreement really begins. The first is Resource Public Key Infrastructure (RPKI), which acts like a digital certificate of ownership. It allows a network to prove it has the right to announce a specific set of IP addresses (the origin of the route). It's like checking the sender's ID on a package to make sure it's legitimate. The second, more comprehensive solution is BGPsec. It goes a step further by securing the entire path a data packet takes from origin to destination. Each network along the way cryptographically signs off on the route, creating an unforgeable chain of custody. If RPKI checks the sender's ID, BGPsec tracks the package at every stop.
The Heart of the Disagreement: Pragmatism vs. Purity
The debate among senior engineers boils down to a classic conflict: a good-enough solution now versus a perfect solution later. One camp champions RPKI as a pragmatic, vital first step. They argue that it solves the most common and damaging type of hijack—origin hijacking—and is already being deployed by major providers. Their philosophy is that incremental progress is better than no progress, and waiting for a perfect fix is a dangerous luxury. They see RPKI as a necessary and achievable improvement that makes the internet safer today. Another camp views RPKI as a halfway measure that creates a false sense of security. They argue that while it verifies the origin, it does nothing to protect the rest of the route path from tampering. For them, only a full-path validation solution like BGPsec can truly secure the protocol. They worry that widespread adoption of RPKI will lead to complacency, leaving critical vulnerabilities unaddressed for years to come. However, BGPsec is far more complex, requires significant hardware upgrades, and its effectiveness depends on nearly universal adoption—a monumental coordination challenge. This group is wary of the massive operational cost and complexity of deploying a system that only works when everyone else is also using it.













