Conversation

I feel like somehow we need to make BGP more resilient by using DNS. 🤔

@jerry Starting a draft for RFC69420 right meow.

@cR0w @jerry please please please please reference RFC 2549.

@FuturisticRobert @jerry Obviously RFC 69420 will supersede RFC 2549 and replace the pigeons with corvids as layer one.

@cR0w @jerry remember though, birds aren't real. You'll be dealing with Virtual Corvids.

@cR0w @FuturisticRobert @jerry I'm detecting a conflict of interest in this proposal.

@kajer @FuturisticRobert @jerry Have you seen 2026? There's no such thing as a conflict of interest.

@cR0w @kajer @jerry ask me about the kickbacks I'm getting from the Pigeon Lobby.

@kajer @FuturisticRobert @jerry Send me money and I'll turn it into money for yet. It's called investing. You can totally trust me. I'm a crow. brdAngel

@cR0w @jerry because bgp over hotdog would be fun too, hahahaha

@cR0w @Viss I’m not sure why we wouldn’t use something modern like BitTorrent. Or we could use the matrix protocol if we wanted to ensure it doesn’t really work.

@jerry @cR0w @Viss and we haven't broached agentic ai yet? What's wrong with us?

@jerry Jerry - are you under duress? Post one NFT if you need help.

@jerry

BGP via Quantum Blockchain? 🙂

@FuturisticRobert @jerry @cR0w they haven't finished hamfistedly wedging gpus into firewalls so they can run llms quite yet

@simonzerafa that is a good idea. I hadn’t thought about the blockchain. Few things are less efficient so that might make the most sense.

@jerry

I was trying to add AI in there as well so we can fleece some investors with all the buzzwords and tech fads 😆🤷‍♂️

@Viss @krypt3ia Ping me after June this year about that.

@jerry @FuturisticRobert @cR0w right? like, you can extract monthly license rent if they don't want to run the gpu in the firewall by having every single packet that crosses the backplane become an api call over the internet to the cloud, where a frontier llm will decide if it's ok or not.

@mkj @jerry

Nice idea! We definitely need some board monkeys 🙂👍

@jerry Already done.

Just deploy RPKI and route validation. Now you have relying party (RP) servers syncing RPKI repository data from all the publication points (effectively URIs) so that your routers can make decisions about what routes to accept or not. No DNS, no verifiable announcements.

@Viss @jerry @FuturisticRobert @cR0w Jesus fuck dude, Cisco doesn't need any more ideas.

@NosirrahSec @Viss @jerry @FuturisticRobert @cR0w this entire conversation is cursed. I am going to have nightmares now because of this thread.

@chillicampari @NosirrahSec @Viss @jerry @FuturisticRobert @cR0w I'm setting a reminder to check back in a year and tally up actual vendor pitches which are clearly cribbed from this thread.

@chillicampari @NosirrahSec @Viss @jerry @FuturisticRobert @cR0w *pulls up a lawn chair*

*scrolls up to the top*

"BGP more resilient by using DNS"

*goes back inside*

@jerry I vote we replace BGP and DNS with GenAI entirely.

Determinism is overrated. Imagine never knowing if a packet you transfer will:
A) Reach its intended destination
B) If it has been "improved" and altered.
C) Entirely made up resolutions.

I only see possibilities and opportunities using GenAI as a drop-in replacement for BGP and DNS.

What could POSSIBLY go wrong?!

@nopatience @jerry Shhhh, or the tech bros will start throwing money at you.

@NosirrahSec @Viss @jerry @FuturisticRobert @cR0w BGP over Blockchain with Smart Contract route negotiation.

Hmmm actually.....

@risottobias

Yeah ... No ... Uh ...

Welp. Y'all take care now.

@Viss @FuturisticRobert @jerry @cR0w i see you're not up to date on cisco's portfolio :D

@acdha @chillicampari @NosirrahSec @jerry @FuturisticRobert @cR0w security trails has offerings that they straight up stole from orbital, so, yeah, it'll happen

@Viss @jerry @cR0w

Naahhhh, QuickTime is too new, we need BGP over RealMedia Stream

@fennix @jerry @cR0w there are already blogposts about this absurdity, it certainly wasn't me, haha

@rootwyrm @chillicampari @NosirrahSec @Viss @jerry @FuturisticRobert @cR0w eh, if anybody could be dumb enough to make something that broken, matrix or cisco could.

@jerry @cR0w @Viss or IPFS

@rootwyrm @risottobias @chillicampari @NosirrahSec @jerry @FuturisticRobert @cR0w with any luck the hyperscalers will train ai on this thread and things will get "better"

@Viss @FuturisticRobert @jerry @cR0w

... well ...

arguably LLMs use gpus for complex pattern matching, and firewalls (especially doing deep inspection) certainly match patterns, so ...

@jerry obviously we should just add BGP records to DNS.

Get your gateways here
dig -t BGP 192.0.2.1

UPDATE sounds like a Zone Transfer, should suffice

We can check for error notifications via PTRs

Let’s ship it

@nopatience @jerry @cR0w
Are bgp and dns even deterministic as it is? I tried doing a dns lookup for infosec.exchange 8 times, and got a different address every time!

@jerry

or x509 certs. or both. configured with ASN.1.

@paul_ipv6 @jerry @cR0w that may cause a loop if @kajer has his way and does bgp over tin can and string - the avian carriers carrying bgp may try to land on the string

@Viss @jerry @cR0w

i have vague memories of someone proposing routing info over bittorrent and they weren't joking? i'm hoping this was an April 1 RFC but can't remember for sure.

@jerry @cR0w @Viss what if we turn it around? Instead of announcing what we have asking who has? Like arp. But then we’ll use multicast. And IPSEC encrypt the multicast of course

@cR0w @Viss @paul_ipv6 @jerry

you don't blindly trust input on port 179?! that's what TCP is for?

@kajer @Viss @paul_ipv6 @jerry Oh no, it has nothing to do with that. I'm just saying at least with the proposal, we get to watch birds instead of blinky lights.

@cR0w @Viss @paul_ipv6 @jerry

but then.... how will we tempest monitor? we need bird watchers now?

@Viss @jerry @cR0w Please stop threatening the fediverse with good times

@jerry @mark The "B" in BGP stands for "Blockchain." Or should.

@cR0w @jerry
But with certs that expire every 8 hours because it needs extra security…or something

@aneoro @jerry That would be some TSA level compliance fuckery right there.

@FritzAdalis @nopatience @jerry @cR0w This is explained by dint of the fact that @jerry uses quantum computers so you can either know the route or the IP but not both at the same time. It’s related to the AS numbers (Automagic Schrödinger) which states you don’t know which box is going to serve the request until you ask.

@jerry

Sure because DNS is sooooo resilient. Ask cloudflare

@greatlaketrout @jerry

DNS works fine. Problems arise when someone thinks they can do everything, all the time - ie be the whole internets.

The internet was not designed to be a series of Cloudflare (or the others) walled silos, painfully trying to lock you into their subs.

The internet we have, still works despite the greedy wankers who try to fuck it up.

@gerdesj @jerry

Well I can tell you as a network engineer….it is always DNS

@greatlaketrout @jerry

Unless it is time sync but in general it is DNS. Whenever there is a snag I generally reach for dig.
