-----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Jakob Heitz Sent: Wednesday, September 07, 2011 9:13 AM Subject: Re: [sidr] BGPSec scaling (was RE: beacons and bgpsec)
So, a question for you Rob. Will your customers pay the premium for BGP security? WEG] This question is a good one, as it makes the difference between a capex driver with no projected bottom-line improvement and a potential revenue stream. We've seen the "unfunded mandate" movie before. It's one of the reasons that IPv6 deployment took so long - "yeah we have to spend $xxM to upgrade the network and our systems to support IPv6." "Ok, how much extra can we charge for that?" "Um...yeah, about that... but if we don't have it soon, our customers will leave us and we might run out of IP addresses..." "I haven't had any customers ask me for it...when is soon?" "Maybe 12-18 months?" "Ok, let's do it next year then." (lather, rinse, repeat for several years) My guess is that the union of who is willing to pay for it and what they're willing to pay likely won't cover the SP's costs to implement it. Generally security is one of those things that either is critical, cost-no-object or is seen as optional if the threat of impact is low enough compared with the cost of avoidance/prevention. I think that the threat risk BGPSec is addressing is seen as pretty low by the vast majority of small to medium enterprises if they've never been hit by it. Heck, we've recently seen some very large companies get burned for not having properly invested in security in areas where the threat model was a bit more obviously risky (Sony)... The sales pitch for BGPSec, especially in an incremental deployment model will have a lot of bearing on that perceived level of risk and our collective ability to mitigate it. If we're successful, maybe it becomes a sustainable investment. However, it's risky to assume that this will cover the added cost burden completely. Wes George This E-mail and any of its attachments may contain Time Warner Cable proprietary information, which is privileged, confidential, or subject to copyright belonging to Time Warner Cable. This E-mail is intended solely for the use of the individual or entity to which it is addressed. If you are not the intended recipient of this E-mail, you are hereby notified that any dissemination, distribution, copying, or action taken in relation to the contents of and attachments to this E-mail is strictly prohibited and may be unlawful. If you have received this E-mail in error, please notify the sender immediately and permanently delete the original and any copy of this E-mail and any printout. _______________________________________________ sidr mailing list [email protected] https://www.ietf.org/mailman/listinfo/sidr
