Slashdot Mirror

Acording to ICANN the sponsor for .xxx is The International Foundation for Online Responsibility. It wopuld be a bit weird when the organisation's main source of funding will come from the pr0n industry.
IFFOR brought to you by nastygirls.xxx

Please excuse the tackiness of replying to my own story...

In reading one of the links here, I saw an interesting (and unanswered) question raised. What if your registrar goes out of business? One person in this thread mentioned that his registrar had closed shop. Prior to doing that, they changed the registration on his domain to that of the registrar's company and now he can't get it back.

I own a two-letter domain and the possibility of something like this happening is of concern. ICAAN doesn't address this in their FAQ. One thing that they *do* discuss is that they are eliminating two-letter domain names in the .com TLD. You cannot register one anymore. If you have it, you can keep it. But if you lose it, you cannot get it back. Versign et. al. will not allow to register a two-letter domain. The only thing on the ICANN site that comes close to explaining why is this TLD Agreement. While most of my domains are registered through GoDaddy, I keep my two-letter domain with Verisign. They seem to have the greater chance of longevity.

Does anyone know what recourse is available if a register closes shop?

You may be in luck if the company uses a domain with a TLD mandated by ICANN (COM, NET, ORG, BIZ, INFO, etc.).

With the new WDRP (Whois Data Reminder Policy) from ICANN, domain registrars are obligated to make sure their customers provide valid whois data for their domains. If they don't the domain can be pulled.

As for carorcar.com, the whois data shows an owner in China, but with a US country code and zipcode (I think), and a phone number (+01.3212353319) in Brevard County, Florida. Heck, I can even see it's listed with a R. Young in Orlando.

If you can convince their registrar that this is bogus, he might get the domain shut down.

Ok, So the the federal courts have ruled in favor of these people, this is a Good Thing[TM] IMHO...However, who's to say they can't try to then persue this through ICANN which has its own rather nutty Domain Dispute Policy which has done things like uphold a claim by Molson (beer) to own canadian.biz (which was later overturned in canadian courts...) Who exactly has the ultimate jurisdiction here?

Verisign has very explicit contracts for operating the TLD's and their respective nameservers.

They are in violation of the part of the .COM TLD Agreement which specifies that they must comply with the IETF RFC's, and probably are similarly in violation of their other contracts.

Verisign has very explicit contracts for operating the TLD's and their respective nameservers.

They are in violation of the part of the .COM TLD Agreement which specifies that they must comply with the IETF RFC's, and probably are similarly in violation of their other contracts.

http://www.icann.org/faq/

Verisign doesn't run .org, PIR does. This page details the registrars for the most common TLDs.

"The contractual inconsistencies include, violation of the Code of Conduct and equal access obligations agreed to by VeriSign, failure to comply with the obligation to act as a neutral registry service provider, failure to comply with the Registry-Registrar Protocol, failure to comply with domain registration limitations, and provision of an unauthorized Registry Service."

The Internet Corporation for Assigned Names and Numbers (ICANN) is an internationally organized, non-profit corporation that has responsibility for Internet Protocol (IP) address space allocation, protocol identifier assignment, generic (gTLD) and country code (ccTLD) Top-Level Domain name system management, and root server system management functions. These services were originally performed under U.S. Government contract by the Internet Assigned Numbers Authority (IANA) and other entities. ICANN now performs the IANA function.

ICANN already requires that "At least annually, a registrar must present to the registrant the current Whois information, and remind the registrant that provision of false Whois information can be grounds for cancellation of their domain name registration. Registrants must review their Whois data, and make any corrections."

Isn't this just a case of US lawmakers legislating something that is already (supposedly) required?

I'm not sure if your question was serious or not but I was curious about the OS used for this.

The best I could do was this document referencing Y2K from ICANN's site.

The root servers themselves all use some variant of the Unix operating system, however both the hardware base and the vendors' Unix variants are relatively diverse: of the 13 root servers, there are 7 different hardware platforms running 8 different operating system versions from 5 different vendors.

I would not be surprised if at least one of those systems is running something from SCO.

The page also mentions they all run BIND. I'd like to see a couple of those things running DJBDNS or any other high availablity DNS service for variety's sake. Pulling from my admittedly n00b-level knowledge of DNS, the DBs for the two packages are incompatible, apparently throwing that option out. Anyone with more experience with the two care to clarify why they run BIND only?

The attempt to profit from a domain name is a statutory element of bad faith under the Anti-Cybersquatting laws. Whether or not a person did try to profit, under the law, is something for a judge/jury to determine. It doesn't look good if you get an offer (which companies make all the time to avoid the legal costs) then make a huge, unfounded counteroffer.

Besides, if you are truly violating a trademark, it isn't like you are entitled to get your costs back. If your costs are large, a company will probably go to the WIPO for an arbitration and just take the name. That process is much cheaper than $10,000, anyway.

The obvious solution is, of course, to lobby ICANN to create a new .spam top level domain for all spammers. Of course, with subdomains like .v1agra.spam, .loans.spam etc.

The company operating the .spam registry would be profitable in nanoseconds, as all spammers rush to register their brand new spam domain.

OT: Let's tax all customers of the dot-spam registry. Simple. Unadorned.

b) get a lot of hits due to the previous owners stupidity
c) Be able to generate lots of ad impressions

(iv) by using the domain name, you have intentionally attempted to attract, for commercial gain, Internet users to your web site or other on-line location, by creating a likelihood of confusion with the complainant's mark as to the source, sponsorship, affiliation, or endorsement of your web site or location or of a product or service on your web site or location.

b. Evidence of Registration and Use in Bad Faith. For the purposes of Paragraph 4(a)(iii), the following circumstances, in particular but without limitation, if found by the Panel to be present, shall be evidence of the registration and use of a domain name in bad faith:
(i) circumstances indicating that you have registered or you have acquired the domain name primarily for the purpose of selling, renting, or otherwise transferring the domain name registration to the complainant who is the owner of the trademark or service mark or to a competitor of that complainant, for valuable consideration in excess of your documented out-of-pocket costs directly related to the domain name...

I don't think I've seen anyone post this yet or not, but ICANN maintains a list of all accredited registars. You may be surprised how many there are. It also lists which TLDs each one can register for you.

Naturally, some are probably much better than others. I'd recommend godaddy.com, gandi.net, or joker.com.

Additionally, if do not want your contact information to be public, you can use DomainsByProxy.com. You register through a registrar that's one of DBP's affiliates and pay an extra $15/year or so and they act as a proxy for the domain contact. They list their postal and email addresses for your domain, and forward you anything that is sent, optionally filtering for spam. You still own the domain name, and the default if anything comes up (i.e. they suspect you of spamming or something) is that the registration information reverts to your own true contact information... So it's kind of "fail-safe" in that respect.

1. The Department of Commerce; VeriSign's contract to operate .com and .org was originally with them.
2. The Federal Communications Commission, which oversees telecommunications.
3. The Senate Commerce Committee's Subcommittee on Communications; contact the committee itself, the chairman, the ranking member, and any of the other members you'd like.
4. The House Subcommittee on Telecommunications and the Internet, including the committee itself, the chairman, the vice-chairman, and the ranking member. Plus any of the other members you feel like contacting.
5. The Federal Trade Commission, which hears consumer complaints.
6. Your U.S. Representative
7. Your Senators
8. Your Governor
9. Your State Legislators
10. ICANN's wildcard comment address
11. Finally, complain to the media. If they get enough letters on a topic, they'll run stories. Try the New York Times, the Washington Post, the Washington Times, the Los Angeles Times, USA Today, the Wall Street Journal, CNN, Fox News, CBS News, ABC News, NBC News and MSNBC.

Remember, VeriSign is busy telling them its side of the story. We need to tell them ours!

Well, this decision could finally destroy the system of DNS. We have seen so many attempts from virii^wadware to abuse it. And - this might be far fetched - the http://www.ebay.com@www.evilcrackerdomain.com could also be seen as one trial.

What would the result be? Some IT people coming from a university would make the existing approaches to freenet perfect. At least, I find this outcome most likely.

Please don't misinterpret this as some kind of rant/flamebait:
Go ahead an destroy this DNS system, which has become more and more unusable (thanks to lawyers and to ICANN)..

The ICANN Information page on Verisign's Wildcard Service" elicits comments from Members of the Internet community. Emails are to be copied to wildcard-comments@icann.org A selection of comments is viewable here.
I'd suggest making your comments now.
Regarding the Verisign survey...more information about it is in this article. Excerpts:
The survey, a telephone poll of 1,000 internet users who could recall seeing Site Finder, was conducted by Markitecture and Harris Interactive and commissioned by VeriSign. It has a margin of error of plus or minus 5%

On the opposing side, Tucows Inc, a domain name registrar that competes with VeriSign, said a poll of its resellers (generally ISPs and web hosting companies) indicated that 90% of respondents wanted Site Finder turned off.

The ICANN Information page on Verisign's Wildcard Service" elicits comments from Members of the Internet community. Emails are to be copied to wildcard-comments@icann.org A selection of comments is viewable here.
I'd suggest making your comments now.
Regarding the Verisign survey...more information about it is in this article. Excerpts:
The survey, a telephone poll of 1,000 internet users who could recall seeing Site Finder, was conducted by Markitecture and Harris Interactive and commissioned by VeriSign. It has a margin of error of plus or minus 5%

On the opposing side, Tucows Inc, a domain name registrar that competes with VeriSign, said a poll of its resellers (generally ISPs and web hosting companies) indicated that 90% of respondents wanted Site Finder turned off.

The ICANN Information page on Verisign's Wildcard Service" elicits comments from Members of the Internet community. Emails are to be copied to wildcard-comments@icann.org A selection of comments is viewable here.
I'd suggest making your comments now.
Regarding the Verisign survey...more information about it is in this article. Excerpts:
The survey, a telephone poll of 1,000 internet users who could recall seeing Site Finder, was conducted by Markitecture and Harris Interactive and commissioned by VeriSign. It has a margin of error of plus or minus 5%

On the opposing side, Tucows Inc, a domain name registrar that competes with VeriSign, said a poll of its resellers (generally ISPs and web hosting companies) indicated that 90% of respondents wanted Site Finder turned off.

"the BIND9 patch has been downloaded ... by about 15,000 users"

A lot of these people probably started using the patch is some way or another, and I bet not all of them needed it. For each ISP blocking .name, that will be one too many, and it's better to err on the side of caution here, or tell too many people about the dangers rather than too few.

Did I miss something, or did McLaughlin manage to avoid discussing any of the issues ICANN raised in their demand to take down Sitefinder? Instead, he just gives a tiresome "ad hominem" attack on ICANN and its motives. As if that's supposed to build sympathy for his cause...

VeriSign can't arbitrarily raise their resgistry prices. See Verisign's contract with ICANN, section 22, and also Appendix G.

VeriSign can't arbitrarily raise their resgistry prices. See Verisign's contract with ICANN, section 22, and also Appendix G.

Previously, such queries returned RCODE 3 ("name error"), the negative response defined in the official DNS protocol specification, RFC1035 [4]. VeriSign now returns an IP address for a special server, thereby creating the appearance the requested domain name exists. The special server handles the subsequent requests for application level services, e.g. web, email, etc.

4. Nameserver functional specifications

Nameserver operations for the Registry TLD shall comply with RFC 1034, 1035, and 2182

"Without so much as a hearing, ICANN today formally asked us to shut down the Site Finder service."

Previously, such queries returned RCODE 3 ("name error"), the negative response defined in the official DNS protocol specification, RFC1035 [4]. VeriSign now returns an IP address for a special server, thereby creating the appearance the requested domain name exists. The special server handles the subsequent requests for application level services, e.g. web, email, etc.

4. Nameserver functional specifications

Nameserver operations for the Registry TLD shall comply with RFC 1034, 1035, and 2182

"Without so much as a hearing, ICANN today formally asked us to shut down the Site Finder service."

Previously, such queries returned RCODE 3 ("name error"), the negative response defined in the official DNS protocol specification, RFC1035 [4]. VeriSign now returns an IP address for a special server, thereby creating the appearance the requested domain name exists. The special server handles the subsequent requests for application level services, e.g. web, email, etc.

4. Nameserver functional specifications

Nameserver operations for the Registry TLD shall comply with RFC 1034, 1035, and 2182

"Without so much as a hearing, ICANN today formally asked us to shut down the Site Finder service."

Previously, such queries returned RCODE 3 ("name error"), the negative response defined in the official DNS protocol specification, RFC1035 [4]. VeriSign now returns an IP address for a special server, thereby creating the appearance the requested domain name exists. The special server handles the subsequent requests for application level services, e.g. web, email, etc.

4. Nameserver functional specifications

Nameserver operations for the Registry TLD shall comply with RFC 1034, 1035, and 2182

"Without so much as a hearing, ICANN today formally asked us to shut down the Site Finder service."

Probably should have RTFA then, huh? Both the .COM and .NET contracts were linked from Dr. Twomey's letter. Verisign's lawyers are probably pouring over section "Y" as you read this. ;)

Probably should have RTFA then, huh? Both the .COM and .NET contracts were linked from Dr. Twomey's letter. Verisign's lawyers are probably pouring over section "Y" as you read this. ;)

1. The Department of Commerce; VeriSign's contract to operate .com and .org was originally with them.
2. The Federal Communications Commission, which oversees telecommunications.
3. The Senate Commerce Committee's Subcommittee on Communications; contact the committee itself, the chairman, the ranking member, and any of the other members you'd like.
4. The House Subcommittee on Telecommunications and the Internet, including the committee itself, the chairman, the vice-chairman, and the ranking member. Plus any of the other members you feel like contacting.
5. The Federal Trade Commission, which hears consumer complaints.
6. Your U.S. Representative
7. Your Senators
8. Your Governor
9. Your State Legislators
10. ICANN's wildcard comment address
11. VeriSign itself
12. Finally, complain to the media. If they get lots of letters on a topic, they'll run stories. Try the New York Times, the Washington Post, the Washington Times, the Los Angeles Times, USA Today, the Wall Street Journal, CNN, Fox News, CBS News, ABC News, NBC News and MSNBC.

1. The Department of Commerce; VeriSign's contract to operate .com and .org was originally with them.
2. The Federal Communications Commission, which oversees telecommunications.
3. The Senate Commerce Committee's Subcommittee on Communications; contact the committee itself, the chairman, the ranking member, and any of the other members you'd like.
4. The House Subcommittee on Telecommunications and the Internet, including the committee itself, the chairman, the vice-chairman, and the ranking member. Plus any of the other members you feel like contacting.
5. The Federal Trade Commission, which hears consumer complaints.
6. Your U.S. Representative
7. Your Senators
8. Your Governor
9. Your State Legislators
10. ICANN's wildcard comment address
11. VeriSign itself
12. Finally, complain to the media. If they get lots of letters on a topic, they'll run stories. Try the New York Times, the Washington Post, the Washington Times, the Los Angeles Times, USA Today, the Wall Street Journal, CNN, Fox News, CBS News, ABC News, NBC News and MSNBC.

I for one will be happy to see VeriSign blasted on this one

Well, blast away . . .

ICANN is accepting comments on Sitefinder. This page also has links to various official letters they've received.

Register.com might be the next one to file suit, given their strongly-worded letter which was sent to VeriSign and ICANN.

The Stop Verisign DNS Abuse Petition is still going strong, with 15,000 signatures. ICANN still hasn't had the sense to post it on their website, though. They have a public forum at the very bottom of the page here at least, with 64 comments (many from the petition site, as we're giving folks the option to forward those along to ICANN too).

Register.com might be the next one to file suit, given their strongly-worded letter which was sent to VeriSign and ICANN.

The Stop Verisign DNS Abuse Petition is still going strong, with 15,000 signatures. ICANN still hasn't had the sense to post it on their website, though. They have a public forum at the very bottom of the page here at least, with 64 comments (many from the petition site, as we're giving folks the option to forward those along to ICANN too).

3. VGRS shall not in any way attempt to warehouse, or register domain names in its own right other than through an ICANN-accredited registrar, except for names designated for operational purposes in compliance with Section 24 of the Registry Agreement. VGRS will certify to ICANN every six months that it is abiding by this commitment.

It's also my interpretation that their * actions are in violation of other U.S. laws. I'm not alone on that interpretation, as GoDaddy and Netster are taking action to sue.

I don't think I've seen this posted before, but some people may find it interesting. Here's the contracts between ICANN and Verisign for .com and .net (.org is there also, but it no longer applies).

I'm glad the IAB took that position. Hopefully Verisign will do the right thing....but, given their history, they probably won't.

We started a petition on Tuesday, and it got more than 16,000 signatures, before the site apparently got Slashdotted or something. We had to move it to a new server, with backups of the first 10K signatures. The new link is:

Stop Verisign DNS Abuse Petition

We also made announcements here and here, including having sent a hardcopy of the first 10,000 signatures to ICANN via FedEx. Thanks for all the support!

I'm glad the IAB took that position. Hopefully Verisign will do the right thing....but, given their history, they probably won't.

We started a petition on Tuesday, and it got more than 16,000 signatures, before the site apparently got Slashdotted or something. We had to move it to a new server, with backups of the first 10K signatures. The new link is:

Stop Verisign DNS Abuse Petition

We also made announcements here and here, including having sent a hardcopy of the first 10,000 signatures to ICANN via FedEx. Thanks for all the support!

I authored the petition. Seems the old site is Slashdotted, and so it's now on a NEW server. Please change your links to point to:

http://www.whois.sc/verisign-dns/

instead. Hopefully this server survives!

I've made mirrors here too, in case the primary goes down again. We lost some data, but not the first 10,500, as I had archived them.

I also made an announcement on the ICANN mailing list here and here.

I authored the petition. Seems the old site is Slashdotted, and so it's now on a NEW server. Please change your links to point to:

http://www.whois.sc/verisign-dns/

instead. Hopefully this server survives!

I've made mirrors here too, in case the primary goes down again. We lost some data, but not the first 10,500, as I had archived them.

I also made an announcement on the ICANN mailing list here and here.

-Lucas

(Granted, many argue that's needed of ICANN anyways, but more prodding of 'Justify your existence, dammit' can't hurt... ;) )

This is an email I just sent out to Icann.org. Portions of this (well, most...) are taken from the text and comments to be found in this Slashdot article. I encourage each of you to also send this email to comments@icann.org to complain, and if you have a blog, spread the word by cross-posting this to your website. Verisign must be stopped, at any cost.

----- Original Message -----
From: joe at szilagyi.us
To: comments@icann.org
Sent: Tuesday, September 16, 2003 8:48 AM
Subject: sitefinder.verisign.com

As of 7:45 PM US Eastern on Mon 15 Sep 2003, VeriSign added a wildcard A record to the .COM and .NET TLD DNS zones. The IP address returned is 64.94.110.11, which reverses to sitefinder.verisign.com. What that means in plain English is that most mis-typed domain names that would formerly have resulted in a helpful error message now results in a VeriSign advertising opportunity. For example, if my domain name was 'somecompany.com,' and somebody typed 'soemcompany.com' by mistake, they would get VeriSign's advertising. (VeriSign is a company which purchased Network Solutions, another company which was given the taskby the US government of running the .COM and .NET top-level domains (TLDs). VeriSign has been exploiting the Internet's DNS infrastructure ever since.)

This will have the immediate effect of making network trouble-shooting much more difficult. Before, a mis-typed domain name in an email address, web browser, or other network configuration item would result in an obvious error message. You might not have known what to do about it, but at least you knew something was wrong. Now, though, you will have to guess. Every time.

Some have pointed out that this will make an important anti-spam check impossible. A common anti-spam measure is to check and make sure the domain name of the sender really exists. (While this is easy to force, every little bit helps.) Since all .COM and .NET domain names now exist, that anti-spam check is useless.

Verisign has continually been abusing the power that has been handed out to them. Two such examples are its mailing of false renewal notices, and its most recent exploit: sitefinder.verisign.com. Now, nearly all mistyped names will be sent to Verisign where they can do whatever they like to the unwitting user. There are even categories on sitefinder.verisign.com where one can browse and go to sites which are undoubtedly paying Verisign for the space.

Please take this, and the hundreds or thousands of e-mails you will receive, into consideration, and exercise the power that ICANN has. Verisign has continually been abusing and tricking people through deceptive business practices, and this should be the last straw. Verisign should not only be removed from it's post, but it should also be fined for its numerous escapades designed to make money.

__________________________
Joe / http://szilagyi.us
Never give up, never surrender.

This is an email I just sent out to Icann.org. Portions of this (well, most...) are taken from the text and comments to be found in this Slashdot article. I encourage each of you to also send this email to comments@icann.org to complain, and if you have a blog, spread the word by cross-posting this to your website. Verisign must be stopped, at any cost.

----- Original Message -----
From: joe at szilagyi.us
To: comments@icann.org
Sent: Tuesday, September 16, 2003 8:48 AM
Subject: sitefinder.verisign.com

As of 7:45 PM US Eastern on Mon 15 Sep 2003, VeriSign added a wildcard A record to the .COM and .NET TLD DNS zones. The IP address returned is 64.94.110.11, which reverses to sitefinder.verisign.com. What that means in plain English is that most mis-typed domain names that would formerly have resulted in a helpful error message now results in a VeriSign advertising opportunity. For example, if my domain name was 'somecompany.com,' and somebody typed 'soemcompany.com' by mistake, they would get VeriSign's advertising. (VeriSign is a company which purchased Network Solutions, another company which was given the taskby the US government of running the .COM and .NET top-level domains (TLDs). VeriSign has been exploiting the Internet's DNS infrastructure ever since.)

This will have the immediate effect of making network trouble-shooting much more difficult. Before, a mis-typed domain name in an email address, web browser, or other network configuration item would result in an obvious error message. You might not have known what to do about it, but at least you knew something was wrong. Now, though, you will have to guess. Every time.

Some have pointed out that this will make an important anti-spam check impossible. A common anti-spam measure is to check and make sure the domain name of the sender really exists. (While this is easy to force, every little bit helps.) Since all .COM and .NET domain names now exist, that anti-spam check is useless.

Verisign has continually been abusing the power that has been handed out to them. Two such examples are its mailing of false renewal notices, and its most recent exploit: sitefinder.verisign.com. Now, nearly all mistyped names will be sent to Verisign where they can do whatever they like to the unwitting user. There are even categories on sitefinder.verisign.com where one can browse and go to sites which are undoubtedly paying Verisign for the space.

Please take this, and the hundreds or thousands of e-mails you will receive, into consideration, and exercise the power that ICANN has. Verisign has continually been abusing and tricking people through deceptive business practices, and this should be the last straw. Verisign should not only be removed from it's post, but it should also be fined for its numerous escapades designed to make money.

__________________________
Joe / http://szilagyi.us
Never give up, never surrender.

Here is the agreement that Versign operates the .COM and .NET TLD's.

Section 3.C.ii says:

To the extent that Consensus Policies are adopted in conformance with Section 4 of this Agreement, the measures permissible under Section 3(A)(ii)(b) shall include, without limitation: prohibitions on warehousing of or speculation in domain names by registries or registrars

Does this mean that they are prohibited from doing this as a registar?

I would be more interested in a fix for djbdns

done: the patch is here