Gert, but you are assuming that the person trying to access RIPE NCC Service is the SAME that is responsible for messing/clearing it up? That is for me not necessarily the same person. regards, Kurt Am 18.03.21 um 17:08 schrieb Gert Doering:
Hi,
On Thu, Mar 18, 2021 at 04:56:22PM +0100, Kurt Kayser wrote:
They should raise their connectivity issue locally with their network provider that should fix the problem. Uh, no... if someone has a bad ROA, and the NCC does RPKI ROV, that user has no way to talk *to the NCC portal* anymore. And that is what would be needed to actually "fix the problem".
OTOH I'm with Erik here - if someone messes up their ROAs, they will need to find an Internet cafe or a LTE hotspot to hook their laptop to, and then they can access the portal again to fix it. So I wouldn't worry too much about that situation.
Maybe the portal can have a double check added ("you connect from IP 2001:db8::1234, AS 65003, do you really really want to add a ROA for this network and AS 12345? It will kick you out of the portal!").
Gert Doering -- NetMaster