undefined

points

[-]

> How many major isps would we want to implement it to be "safe" and what would that look like?

It would be "enough" if all the major transit ISPs did it and it would be helpful if all the major residential ISPs did it. If non-RPKI routes can't propagate through transit ISPs, that makes it a much less useful thing to do.

by KomoD8 hours ago|

prev|

[-]

We want more than just major isps.

They've listed way more than 4 (and those 4 are also massive), click "Show all".

There's 254 operators marked as unsafe.

by chrismustcode8 hours ago|

prev|

[-]

I'm on sky in the UK which is marked as not safe due to no RPKI.

It's not on the list so imagine there is a fair few missing, would be neat to have a table you could filter by country, provider type (cloud/isp etc) based on real results from users.

edit: there's a show all button to expand the table

by SCdF7 hours ago|

parent|

[-]

If you're interested, Community Fibre is a yes from this website

by badgersnake8 hours ago|

parent|

prev|

[-]

I get the same result for A&A, but frankly I trust them more than some random site with (apparently) an axe to grind.

by jsty7 hours ago|

parent|

[-]

https://www.aa.net.uk/etc/news/bgp-and-rpki/

by OJFord5 hours ago|

parent|

[-]

And here we are six years on... I have a lot of respect for A&A, but I do find it hard to sympathise with that page.

by tialaramex7 hours ago|

parent|

prev|

[-]

My hope would be that A&A have a process manually whitelisting the route that made the test fail because in fact (as of course it would be) it's actually deliberately not signed but it is really their route.

But on some level that's like assuming the reason the guy with the handgun is on your plane is that he's a sky marshal and not that some idiot let a concealed handgun through security. I mean, sure, maybe, but, maybe not.

Without asking it's just a guess and I haven't asked. Maybe I should.

by tialaramex6 hours ago|

parent|

[-]

And now thanks to jsty's sibling comment I don't have to ask, thanks! It does seem like they've been more than "cautious" enough at this point and should just implement RPKI.

by asveikau7 hours ago|

prev|

[-]

I got a fail on T-Mobile USA. It seems in the full list that T-Mobile is listed as both passing and failing.

by RyJones7 hours ago|

parent|

[-]

T-Mobile consists of at least five distinct networks depending on when your carrier was purchased, last time I was talking with some of the network security guys in Factoria. It’s been four years - they may have converged some of them.

by Melatonic3 hours ago|

parent|

[-]

Also failing here in the Los Angeles area. Used to be on Sprint before the acquisition. Probably location dependent

by asveikau1 hours ago|

parent|

[-]

I got the failure message in San Francisco.

Not sure if it makes a difference, but I had a T-Mobile SIM card I bought in Seattle in 2010 and was carrying from phone to phone for years, but I recently replaced the SIM because I heard newer t-mobile SIMs can do better finding 5g coverage.

by ck27 hours ago|

parent|

prev|

[-]

same

     T-Mobile USA, AS21928 does NOT implement BGP safely

by philipwhiuk8 hours ago|

prev|

[-]

Click show all.

Major ISPs like British Telecom (core UK telephony), NTT Docomo (Japan), Vodafone Espana (showing that Vodafone isn't doing it globally), Starlink (showing it's not a old tech problem), Rogers (US ISP) are listed unsafe.

I think the 31 is a misleadingly positive picture.

by asveikau7 hours ago|

parent|

[-]

I thought Rogers was Canadian.

by hrmtst938375 hours ago|

parent|

prev|

[-]

Counting networks passes for journalism, and 31 is noise unless you weight each entry by size and traffic split. A pile of single-homed stubs matters far less than one big transit network, because outages and hijacks bite where traffic concentrates, and that makes the headline number feel brokn rather than reassuring.