Comment by romshark
1 day ago
First of all, at this point, SCION is not here to replace BGP. It's here to provide a more secure way of interconnecting ASes for critical infrastructure applications (finance, defense, government, etc.) that allows path selection and verification over multiple ISPs. It can, for example, be seen as an alternative to MPLS but offering more capability.
SCION also offers more protection against DDoS attacks and other outages thanks to its multi-path routing capabilities and ability to fail over quicker than BGP, as it builds and stores its path knowledge in advance.
> How do I peer with the big corps in a SCION world?
You do so by joining an ISD (Isolation Domain) and inheriting TRC (Trust Root Configuration).
> so SCION doesn't really enable a more secure internet, it enables more (largely corporate) control
Much critical infrastructure is still reliant on leased lines or MPLS, which are expensive and reliant on a single ISP, which often reduces resilience. It often also requires assurances about where its traffic is being forwarded (e.g. through particular countries or regions), which is difficult or impossible with BGP. SCION can instead provide these assurances over the commodity Internet provided by multiple ISPs, by being able to verify paths and allowing packet senders to control how packets should be routed given the available path options.
ISDs are typically for specific use cases (e.g. Swiss Secure Finance Network) where strong assurances are needed for where traffic is sent, but ISDs can decide admission criteria for themselves and how they wish to communicate with other ISDs and the rest of the Internet.
Think of the power grid for example. Putting power plants on the internet is probably a bad idea. A better idea is to interconnect power plants through multiple ISPs over a SCION ISD. Less expensive than leased lines or MPLS, and more flexible.