Slashdot Mirror
VeriSign DNS in Trouble
hesiod writes "Over at CNet News, there is an article reporting that VeriSign may lose their ability to sell domains. Evidently, ICANN is miffed because VS's WHOIS database has incorrect information. Not exactly news to most of us, but they have been given 15 days to fix the errors, or risk losing the ability to sell domains."
Have they actually abused their power? Or is this just politics?
ideas should be free
1. Mess with WHOIS database
2. ?
3. Profit
Ok, everyone who has a domain registered through VeriSign, please rasie you hand ... for shame ... you are all sentenced to 100 MetaModerations a day for a month. Now get to it!
I'm sorry, but my rebuttal is: "HAHAHAHAHAHAHAHAHAHAHAH!"
Only Seventeen?! I'd wager 15% of the domains on there are pointed to the phone number 123-456-7890 at the address of 123 Main Street. I'd call that the beginning of a pattern. Buncha jerks.
A winner is you!
True, bogus WHOIS data makes it very hard to track down spamm^H^H^H^H^Htroublemakers on the 'Net, but is this really Verisign's fault?
If I register floobydust.com, and I fill in a contact email that becomes invalid three days after I go live, is that Verisign's fault? What should they do, spam everybody in their WHOIS and purge the bounces?
I can think of lots of reasons to yank Verislime's ability to sell domains, but I'm not sure this is one of them.
www.eFax.com are spammers
One of the records in question is that for dundjerski.com, in which there is false information for the Administrative Contact:
Dundjerski, Marina (MDE220)
Marina Dundjerski
000 Blank St.
No city, XX 00000
US
123-123-1234
However, on the same record, the "Registrant" field lists an address for the same name as above. If this is the worst that they can come up with, I hardly consider this a big deal.
-molo
Using your sig line to advertise for friends is lame.
Verisign has given me about 15 days to renew my registration of domain.
Not gonna happen.
Hello gandi.net
Jesus was all right but his disciples were thick and ordinary. -John Lennon
# whois Dundjerski.com
Whois Server Version 1.3
[...]
Administrative Contact:
Dundjerski, Marina (MDE220) marina10@EARTHLINK.NET
Marina Dundjerski
000 Blank St.
No city, XX 00000
US
123-123-1234
# date ; whois Dundjerski.com | grep updated
Wed Sep 4 18:12:24 EDT 2002
Database last updated on 4-Sep-2002 18:12:24 EDT.
# date ; whois Dundjerski.com | grep updated
Wed Sep 4 18:12:25 EDT 2002
Database last updated on 4-Sep-2002 18:12:25 EDT.
# date ; whois Dundjerski.com | grep updated
Wed Sep 4 18:12:26 EDT 2002
Database last updated on 4-Sep-2002 18:12:27 EDT.
No, but I just registered a domain with godaddy.com last week, and got a post card from Versign today saying I can transfer domains to them for $15, and get a 1 year extension.
Funny I've been considering transfering my 3 domains from Verisign to Go Daddy for half that. That postcard sold me, I will now.
"Pay for my P.O. Box and I'll update my contact information. I'm not giving people my home address."
Why did you say this? Where does it say that a P.O. Box is problematic?
A.
...bringing you cynical quips since 1998
The DNS operations are a completely different thing from the issuing of SSl certifications. So, there is no fear in that going away.
what law is it breaking to have incorrect data?
in fact, i have incorrect data because i and my wife were being stalked - and the WHOIS database is where he thought i lived. He went looking for us at the old address.
and what's the worst part of all - to have ANY level of security from a whois search that could give sickos and perverts your address is by getting a P.O. Box.. from the USPS!
Imagine, the key to internet privacy is the Postal Service. Now that's just great.
guns kill people like spoons make Rosie O'Donnell fat.
It is about .org deal .net and 5 year on .com names
- Getting rid of Verisign in the
- Getting rid of Verisign before they get the 3
year on
- Getting rid of a company that is going bankrupt
and is highly fraudulent (snapnames, bogus
invoices etc)
- ICANN itself getting out of the spotlight for
firing its At Large Directors
AFAIK, the "authority" behind a Verisign SSL certificates is... Verisign itself. So the question raised is not whether Verisign can continue to sign certificates, but whether anybody should trust Verisign's assurance that company X is legit.
I have just finished a month long battle with VeriSign to get access to a domain. I would fax them an authorization letter, they would email me back saying I missed the coma on the 21st page after the statment of intent blah blah. I finally got everything to their liking but they didn't respond for a couple more weeks. So I headed over to domainmonger and did a transfer, and was up and running in a day and a half.
I can kind of understand why a larger company would like to know that someone has to jump through major hoops before someone can hijack their domain, but for me all there security was a major pain in the ass. Plus, the last time I checked, they were using some ibm ssl software that doesn't let you use mozilla to manage your account. I am going to plug domainmonger here, I have no affiliation with them, I am just a happy customer.
domainmonger.com
I have had such good luck with domainmonger, they are not a large operation, but I have never had trouble getting ahold of someone if I have had a problem.
....
posting makes you feel goooooodd.
Currently you are contractually obligated to provide correct whois information by the terms of service that propagated from ICANN.
SPAMMERS usually use false domain information to hide. Maybe the spammers don't want us breaking into their houses to watch TV and use their computers? Why not, their houses are connected to public roads, so we can use them. Right???
Fight Spammers!
http://www.icann.org/correspondence/touton-letter- to-beckwith-03sep02.htm
Cites the 17 broken entries.
I'm sure ICANN can't be too happy with VS for its somewhat shady business practices recently. Is this just them using a techinicality to nibble at them (akin to tax law suits lodged against bootleggers)?
ICANN should not threaten to take Verisign's licence to sell domains, they should just do it. The scam they ran trying to get customers of other registrars to switch to them with bogus renewal notices should be all the impetus ICANN needs. I recieved those bogus notices for uncoveror.com, and dontbuycds.org, but godaddy.com had already warned me they were bogus.
The Uncoveror: It's the real news.
he's saying the only way he'll put in accurate info is if that info is a P.O. Box, which costs money. He doesn't want to list his home address for obvious reasons.
I don't use Verisign.
Wasn't this this the "spam" arm of NSI?
"To those who are overly cautious, everything is impossible. "
The problem isn't that Verisign has incorrect data. The problem is that they "agreed to take reasonable steps to investigate and correct its Whois data in response to any reported inaccuracy" and have not done so. It is that they KNOW they have incorrect data and haven't corrected it.
How could ICANN stop them from selling SSL certificates?
It'll be intresting to see if VeriSign can actualy fix this in the time alloted, given their amazingly shitty technical skills.
autopr0n is like, down and stuff.
Register.com for a couple, godaddy now that I managed to get my own DNS server running :P
autopr0n is like, down and stuff.
People would complain to Network Solutions about spammers having obviously bogus WHOIS information (such as phone numbers of --- --- ----), and their reply was that "WHOIS information is ot guaranteed to be accurate".
I think the response is that, if a given set of WHOIS contact information is bogus, and people complain about the bogus information, Verisign should pull the domain in question until they update the information to have legitimate contact info.
A spam-friendly domain without real WHOIS contact information should be pulled until the information is updated. People should be held more accountable for what they put up on the internet; non-bogus WHOIS contact info is a start.
- Sam (Pot. Kettle. Black. I've moved since signing up for my domains, and have not updated the WHOIS contact info)
The secret to enjoying Slashdot is to realize that it should not be taken too seriously.
"he's saying the only way he'll put in accurate info is if that info is a P.O. Box, which costs money. He doesn't want to list his home address for obvious reasons."
Thank you, I didn't twig to that. On the other hand, I must point out that if the poster doesn't already *have* a P.O. Box (or the equivalent) that game has already been lost.
A.
Who has had a P.O. Box all of his adult life.
...bringing you cynical quips since 1998
My company had about eight domains registered through Verisign and were subjected to a few of Verisigns fraudulent business practices as well as their hideous, hideous service.
If they get punished for ANYTHING that will give me a little satisfaction. It's kind of a rarity for companies to be held responsible for being arrogant f-ups. Let's hope this gets carried through and they get the spanking they deserve.
First of all, I'd be willing to bet the numbers are rather high for fake addresses, across a good number of domain registrars besides VeriSign. There have to be some people out there creative enough to make up addresses that sound plausible... but just don't happen to belong to the person registering the data. (As opposed to 123 Main St, (123) 456-7890.)
I realize that keeping data on who domains belong to is somewhat important, but I don't see why this data has to be made available to the general public. Yes, it lets people trace the supposed owner of a domain... which can mean nothing, if the owner and the person maintaining the website aren't the same. It can also give people an avenue to harass you, especially if you happen to host any content that's in any way controversial.
Once, owning a domain was something businesses did. The average person had an email like jdoe@isp.net, and a web address that probably looked like http://www.isp.net/~jdoe. There are still plenty of those out there. There are also those of us who aren't content with the tiny amount of capability our ISP accounts come with, and so pay for third-party hosting... and a domain.
My domain holds a bunch of stuff. A forum for a hobby of mine. My public journal. Some links. Nothing out of the ordinary. I don't see why it's in any way important for other people to have easy access to my address and phone number. If the police need it, let them get it from my registrar.
I don't think there should be a blanket assumption that domains are going to belong to businesses who don't have anything to lose from their contact info being public.
On the other hand, I must point out that if the poster doesn't already *have* a P.O. Box (or the equivalent) that game has already been lost.
What game is that? Yes, it's possible to track down my address from my domain name, but it's sufficiently difficult to stop most people.
Do you expect a company to keep track of the mailing addresses and names - the very IDENTITY of its clients?
I mean, are there even companies whose business is to guarantee that someone is who they say they are and that they provide accurate information?
The very idea is ludicrious!
Seriously though...why not have government controlled digital signatures? They could use the passport system (not Microsoft's...the kind you get before you go to another country) as a starting point. It seems like one of the rare chances for beneficial government interference. Sure, we'd lose a particular private sector, but it'd give lots of people the same warm, fuzzy feeling that the FDIC does.
They've already got one # to represent each person anyway.
Really looking for (negative) responses here; I can't see anything bad about this (and I'm usually against government intervention).
Mod me down and I will become more powerful than you can possibly imagine!
"What game is that?"
Well, the previous poster claimed 'obvious reasons'. I interpreted that to mean 'wants to keep physical address more or less private'. You may or may not actually feel that way. I was also thinking more generally than just domain names. If you don't use a P.O. Box, your real address appears in far too many places to consider it private.
A.
-100 Offtopic
...bringing you cynical quips since 1998
I wonder if they are established enough in the net community to fork DNS and start up their own DNS architecture.
Uh-huh, and how many did ICANN check to get those 17? Is that 17 out of 10.3M or 17 out of 32? Verisign obviously thinks everyone is dumber than they are.
One line blog. I hear that they're called Twitters now.
17 records out of 10 million? This is ICANN "making hay" to look like they're sticking up for the little guy and a blatant public relations move after they went ahead and pushed through WLS despite an overwhelming vote against it by pretty much everyone ...except for the gTLDs (ie, .COM and .NET, which, amazingly enough, Verisign controls.).
ICANN is so in bed with Verisign it's not even funny. This is a nudge-nudge wink-wink arrangement between them so ICANN can look like they're doing their job and Verisign takes a black eye that nobody will remember in a year so that WLS happens.
Do not be fooled.
My
Limekiller
Wasn't there a case recently where an arbitrator based his decision in part on bad whois info for the domain (I believe it was a .biz so it didn't involve verisign). But this is an important reason why the whois must be accurate.
Well, the previous poster claimed 'obvious reasons'. I interpreted that to mean 'wants to keep physical address more or less private'.
Well, mainly I just don't want someone getting pissed at something I write on my website or on slashdot showing up at my doorstep. Yes, it's still possible, so maybe I'm just being overly paranoid.
If you don't use a P.O. Box, your real address appears in far too many places to consider it private.
Perhaps. At the moment I just moved 4 days ago, so pretty much no one who doesn't know me personally has my real address. And if I could lie completely about my address, instead of putting an old address, it would be pretty much impossible to figure out which "Anthony DiPierro" I happen to be. The phone number is real, but it's an efax number, so unless you have a subpeona, you're not going to get my identity from it.
what law is it breaking to have incorrect data?
Breach of Contract.
When a registrar signs up with ICANN, they sign a binding contract. Whether or not you agree with the contract, it is a binding contract. Below is an excerpt:
3.7.7.1 The Registered Name Holder shall provide to Registrar accurate and reliable contact details and promptly correct and update them during the term of the Registered Name registration, including: the full name, postal address, e-mail address, voice telephone number, and fax number if available of the Registered Name Holder; name of authorized person for contact purposes in the case of an Registered Name Holder that is an organization, association, or corporation; and the data elements listed in Subsections 3.3.1.2, 3.3.1.7 and 3.3.1.8.
source
I'd guess far more than that. Pretty much every time I go to look up a domain, it's got bad info. Of course, the only reason I look up domains is when I'm annoyed at the spam they've left in my inbox or the attack attempts they've left in my logs.
So I dunno about the converse, but bad internet citizenship seems to be an excellent predictor of bad contact info.
"Patriotism is your conviction that this country is superior to all other countries because you were born in it." -- GBS
(I'd be more shocked if I were to learn that someone there knew the difference between good data and bad)
Eloi, Eloi, lema sabachtani?
www.fogbound.net
looks like they totally fucked up the site!
MARIJUANA, SHROOMS, X: ONLINE?! - E
Once, on some weird whim, I tracked down and contacted the person registered as owner of a spam domain. Turned out to be an elderly lady who didn't even own a computer! Obviously the real owner got her name and address out of a phone book. I reported this to the registrar, Verisign, and got back a form email about jerking domains not having any effect on spam. No comment on the fact that they had helped perpetrate a fraud!
What's your home address?
If anything I do using my domain names annoys or intrigues you, I cheerfully encourage you to use whois to find out. Call before coming to my house and I'll even bake cookies.
"Patriotism is your conviction that this country is superior to all other countries because you were born in it." -- GBS
It's not breaking a law. It's breaking a contract.
The agreement that ALLOWS Verisign to be a registrar requires that they provide accurate information in the whois database for all contacts.
They are required to verify said information upon registration, and to correct errors promptly when they are found.
In other words, you cannot 'anonymously' register a domain.
Privacy? If you want privacy, don't go to the trouble of having your own domain, that's pretty simple. That's like saying you want to get a business license and open a shop in your town, but you don't want anyone to know where you live or who you are.. well guess what, your business license and said filings are a matter of public record, and anyone can go see them.
This is not dissimilar.
I had the same problem getting VeriSign to change a domain host, they ignored faxes, etc. I finally got it moved, but was tired of the BS from VS. So I tried to move to a new registrar, GoDaddy to be exact, and got a "the current registrar has denied your transfer request." GoDaddy says there is nothing they can do about it and that I must take up the issue with VeriSign. I am of course seething mad. I am paid up. I am in compliance with their entire Service Agreement. The link in the Service Agreement that refers to changing registrars leads to a Procedure for changing restrants, not registrars. VeriSign ignored my first Help request. I just tried again and got the form email that says they will get back to me in 24hours. I'm hoping I don't have to send a certified letter to their legal department. Anyone have any advice out there?
Don't moderate flamebait as Troll. Know the difference or you will be Meta-moderated.
What's wrong? You don't want every slashdotter knowing your address? Maybe you see why I feel the same way? Somehow I doubt it.
I just got a domain back NSI had been holding for 3 years. ITS MINE NOW! MINE!
And this isn't a personal privacy issue; that is completely separate from VeriSign not updating WHOIS records when requested and telling customers to give false information.
But it is a personal privacy issue. Verisign is breaking its contract, but by doing so it's protecting its customers' personal privacy.
Please, no more pity posts for VeriSign!
I agree there. But please, no more pity posts for ICANN.
Instead lets have pity posts for the domain name holders. In the end that's who's going to lose, because Netsol will give in within 15 days, and won't lose their status as Registrar.
No, but I just registered a domain with godaddy.com last week, and got a post card from Versign today saying I can transfer domains to them for $15, and get a 1 year extension.
:-) Talk about rape.
Funny I've been considering transfering my 3 domains from Verisign to Go Daddy for half that. That postcard sold me, I will now.
Everyone using Verisign should take this opportunity to switch! The only reason anyone would use Verisign as their registrar anymore is laziness. We've all been bitching and moaning about how much Network Solutions sucked since before they even started charging for domains but we have a choice now. I would recommend GoDaddy as well. $8.95/year for a domain name and they have a decent web interface for administration. I can register a domain for 4 years for what Network Solutions was charging for 1 year!
They went through a process of changing Versign domain holders over to their new, improved system of authentication. On paper (or in my head) it was supposed to have been a question of assingning usernames and passwords and transparently changing the auth method.
What they actually DID do was rape the whole WHOIS database for lots of domains, changing zone contacts, technical contacts and in some cases administrative contacts to NO.VALID.EMAIL@blahblah, in many cases before or without EVER sending the stupid letters explaining what happened.
It was a TOTAL FUCKAROUND to get it fixed when it happened, especially when you got no information about specific domains (usernames, passwords).
I even had supervisors at Verisign tell me to make up my own letterhead and fax in changes for domains. They said all they looked for was info that looked vaguely professional. I eventually made a template in word that I faxed in when I pasted in new "logos" I ripped off from google.
VeriSign made a data entry error and listed my nic handle, something like, SW123 as the technical contact for a porn site. The nic handle of the real technical contact for the site was something like SW1234. They just dropped the last digit. I found out about the problem when angry customers of the porn site started contacting me. A couple threatened to sue me. I contacted VeriSign and asked them to correct the error. They refused. I explained the problem, they couldn't care less. I contacted the actual web site owner, in Australia, I live in the US, he never responded.
I found that I was on many porn dealer mailing lists. I contacted VeriSign. I started getting promotional offers for disks of barn yard porn. Both VeriSign and the owner of the site refused to reply to my emails. When I called VeriSign they told me to stop bothering them. They refused to take any action.
Eventually the owner tried to change the DNS server for the site, as technical contact I blocked it. They tried again, I blocked it. They tried to change the technical contact. I let them!
I was listed as technical contact for that site for more than 4 years. VeriSign refused to do anything. I was never able to contact the actual owners of the site. I contacted VeriSign by email and by phone repeatedly. They refused to do anything.
My name and my home address are still listed in directories of porn site operators.
I would like to see the President of VeriSign draw and quartered. I hate those guys. Putting them out of business is the least that should be done to them. They are sick sick sick bastards.
Stonewolf
www.easydns.com
No bullshit, great service.
-----
PGP Key ID 0xCB8FF658
About as likely to happen as uunet kicking Ziff-Davis off for violation of their anti-spam policy when they kept sending me all the comdex crap a few years ago and I complained.
Big money/companies like this get a whole other set of rules to play by. Probably a PR step to make ICANN look like heroes.
I've been reporting some big-name spamvertized sites that hide behind phony domain registrations, and I encourage others to do so.
It's a lot more than that. I've lost count of how many spammer domains I've tried to trace, only to be stopped cold by bogus registration info that, despite such being clearly prohibited by NetSol's terms of service, they never do anything about.
I used to think ICANN wasn't good for anything more than demonstrating how political infighting and empire-building quickly take the place of serving the common interests (of the Internet's users). Now, though, I find myself actually amazed that they're doing something right.
The proof will be in the next whois lookup I do...
Bruce Lane, KC7GR,
Blue Feather Technologies
You're quite correct; I do not follow your logic (or rather, I do, but I think it might be a bit simplistic).
The potential for mischief is very well controlled within the Slashdot milieux, and the site's purpose is limited to discussion. Both of these make anonymity appropriate and useful, with no significant drawbacks.
The same cannot be said for participation in the world at large. Sometimes anonymity is good, other times it is not. When it comes to interconnection with a shared resource, accountability is essential. That doesn't mean that people shouldn't have the means to send anonymous emails, or to use anonymizing proxies to surf the web. However, there is - as always - a need for balance.
"Patriotism is your conviction that this country is superior to all other countries because you were born in it." -- GBS
What RFC says that domains need valid WHOIS info? That's especially for the snail addresses and phone numbers, though I don't remember any requirement of any WHOIS info at all. Tonga (.to), for example, refuses to run a WHOIS server. ICANN isn't happy but Tonga has stood its ground. If you want the contact info for a .to domain, you have to file a subpoena for it. They consider user privacy more important than the wishes of spammers. Good on 'em, I say.
"Stole" as in "bought the company"? That's a quite interesting definition...
Why do you need any more "accountability" than that? If you want to take legal action against someone, you have to go to court. If you don't want to go to court, what you want the address for is extralegal action, such as spamming or stalking. There's no reason any registrar should assist in anything like that.
I have tried for months (and months) to get the host record for nexuscomputing.com removed. I have completed all the forms, called them (been told it will be removed immediatly, that it had been given a top priority), etc. Needless to say, the host record still points to the wrong damn IP address.
I also recently transferred my wife's busybride.com domain away from them, using joker.com and Verisign is now telling me that it is up for renewal. But if you check the whois information it is obviously registered with joker.com!
(No, I didn't register it with Verisign, the previous owner did and after buying it I also discovered Verisign's other scam, holding domains hostage after a sale and refusing to transfer them for 60 days).
Feh! A pox on their house.
Remember Lexington Green!
but whether anybody should trust Verisign's assurance that company X is legit
Good Question
Stop Continental Drift! Reunite Gondwanaland!
What's wrong? You don't want every slashdotter knowing your address? Maybe you see why I feel the same way? Somehow I doubt it.
You're quite correct; I do not follow your logic (or rather, I do, but I think it might be a bit simplistic).
Yes, it is simplistic. You don't want every slashdotter knowing your address. I don't want every slashdotter knowing my address. That's my "obvious reason" for not wanting to put my address in my whois data.
You seem to instead focus on justifications. But justifications don't change my desire for anonymity. Yes, if I get forced to put up my address, I will. Actually more likely I'll go ahead and buy a P.O. Box. I was considering it anyway. Or maybe I'll buy from one of the many places that let me buy a domain name anonymously. Actually after reading this article I'm thinking about starting one.
The same cannot be said for participation in the world at large.
We're not talking about the world at large, we're talking about a domain name.
Sometimes anonymity is good, other times it is not. When it comes to interconnection with a shared resource, accountability is essential.
Again, we're not talking about interconnection with a shared resource, we're talking about a domain name.
That doesn't mean that people shouldn't have the means to send anonymous emails, or to use anonymizing proxies to surf the web. However, there is - as always - a need for balance.
Yep, and putting my address on the internet for any idiot to see just because I buy a domain name exceeds that balance.
The internet isn't the real world. It's about time people start realizing that.
It's idiom, with a meaning kinda like "manana" (Slashdot won't let me put the tilde over that first n) in Spanish. I guess the closest English equivalent would be "someday..."
Eloi, Eloi, lema sabachtani?
www.fogbound.net
I'm going off incomplete facts here, but it sounds like in some of the cases ICANN sites, the registrants are trying to get their contact information changed and VeriSign isn't allowing them.
Do you have any quotes or references that suggest that? I read the article, I read the press release, and I don't see anything which suggests that.
I sincerely doubt Verisign is doing this to help their customers.
I agree with you there. Verisign's motive is almost certainly profit. But I don't really care about their motive so much as what they are doing. If they are protecting their customer's privacy, then I'm going to support that, regardless of their motive.
So whether or not in these specific cases they are trying to protect their customers privacy, I have first hand knowledge that the general complaints ICANN is raising are valid: VeriSign can be very slow or even completely unresponsive in changing WHOIS records.
That may be the case. In fact, from what I've read I believe it probably is the case. But that's not what ICANN is charging them with.
Also, if you want to register a domain, there has to be some way for people to contact you.
Well, I disagree. I don't think there needs to be some way for people to contact me. Certainly not without obtaining a subpeona. But in any case, I have provided my phone number and email address, as well as my name. There is absolutely no reason the public needs my mailing address as well.
No one requires you to give your home address, but you have to give some contact information.
More specifically, you have to give a mailing address.
Use a P.O. box or your work address, but if no one can reach you in the eventuality your domain is misused, you shouldn't have a domain.
As I said in my other post, I'll use a P.O. Box if ICANN pays for it. And I work at home.
With priviledges come responsibilites.
Yes, with the priviledge of being granted a monopoly comes the responsibility to not infringe upon my right to free speech.
I understand the various concerns such as frivolous lawsuits, but breaking one system to compensate for a broken system isn't the solution.
My concern is not over frivolous lawsuits. My concern is over burglers and psychos.
I also disagree with your characterization that my post was a "pity post for ICANN".
I agree. I wasn't referring to your post.
That said, while I don't support ICANN, I'm also not going to fault them for taking a step in the right direction and I see trying to clean up the WHOIS database as a step in the right direction.
And while I don't support Verisign, I'm also not going to fault them for taking a step in the right direction and trying to facilitate anonymous publication of free speech on the internet. I see allowing anonymous ownership of domain names as a step in the right direction.
I currently have several domain names through Tucows. Many of them have incorrect address information, and I don't want to be forced to change it. But if ICANN gets their way I will have four choices: fix the address, get a P.O. Box, subscribe through a provider who will put the domain in their name, or lose the domain. None of those choices are attractive to me, but I'll probably wind up getting the P.O. Box.