In June 2024, a Brazilian ISP announced Cloudflare's IP address as its own, and the internet believed it. Cloudflare's 1.1.1.1 DNS resolver went dark across 300 networks in 70 countries. Their routes were cryptographically signed under RPKI, the most mature security patch available for internet routing. A Tier-1 provider accepted the bogus announcement anyway.
That failure traces back to two napkins in Austin, Texas, January 1989. Yakov Rekhter and Kirk Lougheed sketched the Border Gateway Protocol to solve an immediate problem: the existing routing protocol couldn't handle growing network complexity. BGP was conceived as interim. Its core assumption was that every participant could be trusted. When the U.S. internet was a 13-node backbone, that was reasonable. But interim solutions that work have a particular quality: they become load-bearing before anyone decides they should.
The IETF formally documented BGP's security vulnerabilities in RFC 4272 in 2006, seventeen years after the napkin sketch. The primary patch, RPKI, arrived in 2012. By early 2025, more than half of global routes carry cryptographic signatures. Tier-1 carriers now filter over 95% of detectable invalid routes. Real progress. But enforcement drops off sharply below the largest carriers, which means RPKI reproduces the very dynamic it patches: it only works if your neighbors participate too.
And RPKI was designed to be fail-open. If a signature can't be verified, the announcement goes through. Researchers have already documented a new class of stealthy hijacks that exploit the seam between networks that filter and those that don't. The next layer, ASPA, which verifies the path a route claims to have traveled, isn't expected before late 2026. It will face the same adoption curve. Each patch closes a vulnerability and opens another that looks structurally familiar.
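The fail-open behaviour described above, as an added example that is not part of the original article: route origin validation following RFC 6811, with an import policy that drops only routes classified as invalid. The prefixes, AS numbers (documentation ranges) and the `accepts` policy helper are constructed for illustration.

```python
import ipaddress
from typing import NamedTuple

class VRP(NamedTuple):
    """Validated ROA payload: who may originate a prefix, and how specific."""
    prefix: str
    max_length: int
    asn: int

# Constructed sample data: documentation prefix (RFC 5737) and ASN (RFC 5398).
VRPS = [VRP("192.0.2.0/24", 24, 64496)]

def validate_origin(route_prefix: str, origin_asn: int, vrps=VRPS) -> str:
    """RFC 6811 origin validation: returns 'valid', 'invalid' or 'notfound'."""
    route = ipaddress.ip_network(route_prefix)
    covered = False
    for vrp in vrps:
        vrp_net = ipaddress.ip_network(vrp.prefix)
        if route.version != vrp_net.version or not route.subnet_of(vrp_net):
            continue  # this VRP says nothing about the route
        covered = True
        if vrp.asn == origin_asn and route.prefixlen <= vrp.max_length:
            return "valid"
    # Covered but never matched is 'invalid'; no covering VRP is 'notfound'.
    return "invalid" if covered else "notfound"

def accepts(route_prefix: str, origin_asn: int, enforces_rov: bool, vrps=VRPS) -> bool:
    """Import policy (assumed): only an enforcing network drops, and only 'invalid'."""
    state = validate_origin(route_prefix, origin_asn, vrps)
    return not (enforces_rov and state == "invalid")

if __name__ == "__main__":
    cases = [
        ("192.0.2.0/24", 64496),     # legitimate origin
        ("192.0.2.0/24", 64511),     # wrong origin for a signed prefix
        ("192.0.2.0/25", 64496),     # more specific than max_length allows
        ("198.51.100.0/24", 64511),  # unsigned prefix: nothing to check against
    ]
    for prefix, asn in cases:
        print(prefix, asn, validate_origin(prefix, asn),
              "| ROV network accepts:", accepts(prefix, asn, True),
              "| non-ROV network accepts:", accepts(prefix, asn, False))
```

The last case is the fail-open path: with no covering record the route is "notfound" and passes even an enforcing network, while a network that does not enforce accepts all four.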
Each layer inherits the coordination problem of what it patches. The stack grows; the underlying dynamic persists.
Which makes Switzerland interesting. Since 2022, the Swiss National Bank, SIX, and ETH Zürich have been running production financial traffic on SCION, a routing architecture designed from scratch with path verification built in. The Secure Swiss Finance Network carries interbank clearing for over 300 banks. It works. It's expanding into Swiss healthcare and energy. And that scope is the tell. SCION works because the coordination surface is small: a national bank, a market infrastructure operator, a university, a handful of ISPs, all within a single regulatory perimeter, all sharing obvious incentives. The SCION Association was founded by institutions that already trusted each other. The global internet has roughly 75,000 autonomous systems with no shared regulatory framework. The HTTPS transition is sometimes cited as precedent for forced adoption, but HTTPS had a chokepoint: a handful of browser vendors could refuse to load insecure pages. Routing has no equivalent.
Every year that RPKI coverage grows, every operations team that builds runbooks around the current patch stack creates another constituency invested in the existing architecture.
A working replacement has to displace the broken original and every workaround, organizational investment, and learned habit that accumulated around it over decades. Each patch that makes BGP slightly more tolerable closes the window for replacement a little further.
Somewhere in Zürich, a better system carries Swiss francs between banks. The distance between that fact and the rest of the internet is thirty-seven years of workarounds that became someone's infrastructure.
Things to follow up on...
- RPKI as attack vector: In January 2024, a hacker logged into Orange España's RPKI portal with the password "ripeadmin" and weaponized the security layer itself to knock routes offline, a reminder that each patch creates its own attack surface.
- SCION's standardization catch-22: As of March 2026, Anapaya remains the only commercial SCION implementation, and the protocol's IETF drafts carry no formal standing in the standards process, leaving global adoption stuck between vendor diversity and deployment scale.
- Stealthy hijacks formalized: An IETF Internet Draft submitted in May 2025 formally documents how attackers can silently divert traffic through non-ROV networks even when the victim's routes are properly signed.
- SCION expanding into European exchanges: Since October 2025, NL-ix, one of Europe's largest internet exchanges, has offered native SCION connectivity alongside traditional BGP peering, testing whether the Swiss coordination model can stretch beyond a single country.

