Though, after casting about, I found that Amazon is marked as “safe” by isbgpsafeyet.com which I interpret to mean that they met the requirements but failed in practice.
An alternative approach to ROA creation would be to do what other networks such as Cloudflare and Comcast have done: set the origin and maximum prefix length to be identical to how the prefix is routed. While this approach incurs an overhead cost of needing to update a ROA every time a route is modified, it also leaves little room for alternate versions of the route to come into circulation.
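To make the effect of the maximum length concrete, here is an added example (not from the original post or from any network named above) that runs RFC 6811 route origin validation against a loose ROA and a tight one. The prefixes and AS numbers are constructed from documentation ranges, and `ROA` and `validate` are names chosen for this sketch.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class ROA:
    prefix: str       # covering prefix the ROA authorizes
    max_length: int   # longest prefix length the origin may announce
    origin_as: int    # the only AS allowed to originate it


def validate(route_prefix, origin_as, roas):
    """RFC 6811 origin validation: 'valid', 'invalid' or 'not-found'.

    Only the origin AS and prefix length are checked; the rest of the
    AS path is not covered by a ROA.
    """
    route = ipaddress.ip_network(route_prefix)
    covered = False
    for roa in roas:
        roa_net = ipaddress.ip_network(roa.prefix)
        # subnet_of() raises on mixed IPv4/IPv6, so compare versions first
        if route.version != roa_net.version or not route.subnet_of(roa_net):
            continue
        covered = True
        if route.prefixlen <= roa.max_length and origin_as == roa.origin_as:
            return "valid"
    # Covered by some ROA but matched by none: reject. No ROA at all: unknown.
    return "invalid" if covered else "not-found"


# Constructed sample data (documentation prefix and documentation ASNs).
LOOSE = [ROA("2001:db8::/32", 48, 64496)]  # max length far beyond what is routed
TIGHT = [ROA("2001:db8::/32", 32, 64496)]  # max length identical to the routed /32

ANNOUNCEMENTS = [
    ("2001:db8::/32", 64496),     # the route as the owner announces it
    ("2001:db8:1::/48", 64496),   # more-specific claiming the same origin AS
    ("2001:db8:1::/48", 64511),   # more-specific from a different origin AS
    ("198.51.100.0/24", 64496),   # prefix with no covering ROA
]

if __name__ == "__main__":
    for prefix, asn in ANNOUNCEMENTS:
        print(f"{prefix:18} AS{asn}  loose={validate(prefix, asn, LOOSE):9} "
              f"tight={validate(prefix, asn, TIGHT)}")
```

Under the loose ROA the more-specific /48 with the expected origin AS comes back `valid`; under the tight ROA the same announcement is `invalid`, so networks that drop invalids would not carry it.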
Assuming we have transit encryption, the main result of Border Gateway Protocol (BGP) errors is mass downtime. Downtime for a typical service is a headache; downtime for a CA can be disastrous. BGP hijacking also enables certificate mis-issuance by messing with weak domain control validation. Route authorization is an important mitigation!
That said: TLS is our last line of defense against BGP attacks that redirect HTTPS requests.
Users wouldn’t have been robbed if Celer Bridge had used HSTS preloading. Victims were greeted by a TLS error and chose to add a security exception; a payment platform shouldn’t offer that choice. HSTS instructs browsers to remove this option, and HSTS preloading prevents HSTS stripping (and TLS stripping).
HTTP Public Key Pinning (HPKP) makes such attacks even harder, but HPKP had its own list of issues preventing adoption.
To put this in perspective, all the things we’re talking about have to do with identifying a service on the internet, which was the main issue in the cryptocurrency attack.