[immibis]

As I understand, it's very roughly comparable to BGP.

It's not the same protocol of course and doesn't do the same thing, but it's used in the same scenarios and has a similar level of security and importance.

And both are peer to peer - you can agree with one of your peers to secure your BGP session, but it won't have much impact on the global network, of which your BGP sessions are only a small part. There was a talk recently released from DEFCON33 about the phone system, where it was mentioned that to bypass authentication, spammers seek out carriers with old TDM systems which can't support authentication, and might even be their main customers. This is like that. All of your peerings may be secure, but if you start blocking calls you got relayed from 4 networks away with incorrect metadata, you can't tell if it's fake data or if one of those intermediary networks messed up the metadata on a legitimate call, and you will block legitimate calls and lose customers. Networks are weird systems where politics, not specifications, dominate.