In October 2023, I was talking about Internet routing security at the DEEP conference in Zadar, Croatia. After explaining the (obvious) challenges and the initiatives aimed at making Internet routing more secure (MANRS), I made my usual recommendation: vote with your wallet. However, if you’re a company in Croatia (or Slovenia, or a number of other countries), you’re stuck.

While ISPs in Croatia might be doing a great job, none of them is a MANRS participant¹, so we don’t know how good they are. The situation is not much better in Slovenia; the only ISPs claiming to serve Slovenia are Anexia (a cloud provider) and Go6 Institute, the small network operated by my good friend (and True Believer in IPv6 and MANRS) Jan Žorž. Moving further north, I was unable to get any useful data for Austria, as its country code (AT) also matches “No Data” string in MANRS table, resulting in over 500 hits.

I’m positive all ISPs in countries with no MANRS participants² have a wonderful (bullshit) excuse: nobody is asking for MANRS compliance, so why should we spend any time on it – the usual chicken-and-egg approach to security and compliance. No wonder things never move forward.

Anyway, if you do believe in voting with your wallet and making your suppliers uncomfortable, you might want to read the “Internet Routing Supply Chain: An Enterprise’s Most Overlooked Dependency” white paper recently published by MANRS. They correctly identified the potential pressure point (connectivity buyers); the “only” thing left to do is to make enterprise buyers aware of the benefits of MANRS compliance. Maybe it’s time to ask Jan Žorž and his friends (who made RIPE-501/544 pretty successful) for a few hints.