Residual Vulnerabilities

Suppression of BGP messages by a misbehaving BGP speaker -- since AS1's BGP policies are not typically available to AS2, there is no simple way for AS2 to determine if AS1's speakers are misbehaving

A speaker can fail to withdraw a route that “should” be withdrawn, or it may inappropriately reassert a previously withdrawn route (mitigated by attestation expiration)

Misapplication of local policy-- not even detectable by other ASes, due to privacy of local policies

Suppression of BGP messages by a misbehaving BGP speaker -- since AS1's BGP policies are not typically available to AS2, there is no simple way for AS2 to determine if AS1's speakers are misbehaving