ICANN, IAB Ask VeriSign to Suspend SiteFinder
dmehus writes "ICANN issued an advisory late today concerning VeriSign's controversial SiteFinder service. The advisory requests that VeriSign voluntarily suspend SiteFinder until various independent and objective reviews, which are now underway, have been completed. Interested parties should see the advisory for more details." I think most people here can agree it was a bad idea, although it's not generating revenue for most of us either. ICANN isn't alone here either. Nuclear Elephant writes "The Internet Architecture Board issued this response to an ICANN inquiry about Verisign's SiteFinder service."
VeriSign's wildcard creates a registry-synthesized address record in response to lookups of domains that are not otherwise present in the zone (including restricted names, unregistered names, and registered but inactive names). The VeriSign wildcard redirects traffic that would otherwise have resulted in a "no domain" response to a VeriSign-operated website with search results and links to paid advertisements.
Why should VeriSign get the money?
...in the meetings in which Verisign decided to implement SiteFinder.
Do you think they innocently believed they had found a valid loophole for commercial exploitation a legitimate feature of the Internet protocols?
Or did they say something like this? "Well, OK, so it does violate DNS specifications. People will scream. Let them scream. Nobody can touch us. The IETF has only moral authority. And ICANN and the U.S. Department of Commerce are never going to interfere seriously with any big, successful Internet company. So a few techies get angry, big deal."
I think the real solution is this: If Verisign wants to continue this practice then Verisign should have to pay to register each mis-typed domain. After all, the end effect of Verisign's Sitefinder is to dynamically create a domain if it isn't already registered. Making Verisign pay to register each of these mis-typed domains would most likely halt their practice. In my opinion, Verisign is now "domain squatting" on any domain that isn't registered.
Forgive me if I'm being idiotic about this, but relatively recently, the .museum TLD went live. It's just like any other TLD except that domains that don't exist direct you to a page saying the domain doesn't exist and with a couple of links. It's not very different than Verisign's SiteFinder, but there's little to no outcry over this. I'm curious because a lot of the objections about SiteFinder should also be true about the .museum TLD. What's different here?
In common with the majority of internet protocols, DNS is not a best-guess system, it is a technically accurate way of transferring information, with correct failover mechanisms. From the article:
As a lookup system, the DNS is designed to provide authoritative answers to queries.
And later...
The DNS is not a search service, and presenting speculative mappings based on HTTP inputs is not the service that the registry is expected to provide.
And later still...
To restore the data integrity and predictability of the DNS infrastructure, the IAB believes it would be best to return the .com and .net TLD servers to the behavior specified by the DNS protocols.
That seems to wrap it up really. I doubt any further studies will find differently, unless Verisign follows the apparently accepted way of paying for a biassed study......
Simple shoot marketing.
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.
Actually, if you read that article you will find that it is dated January 25 and is a response to another Verisign screwup. That one was similar to the present one, but had specifically to do with "internationalized" domain names -- DNS records for strings with characters above ASCII position 127.
Historians find it important to check the dates of events and documents, so they can know which ones could possibly be responses to which other situations. For instance, an American comedian telling anti-French racial jokes in August 2001 could not possibly be responding to the French objection to Bush's war. Similarly, a document released January 25 2003 cannot be a response to a situation that arises the following September. Time just doesn't work that way.
Anyone else notice the lack of advance notice that Verisign gave ... well the world. I just can't imagine that they thought it through at all. If they wanted to do it you would think that they would have notified ICANN ahead of time or put up some sort of notice.
We don't need no stinking sig!
So I guess Verisign interpreted that as "we better wildcard everything then."
No sig, sorry.
We won't have any of this "advertising" on the Internet. The Internet is surely doomed if we allow it.
"If you want to improve, be content to be thought foolish and stupid." - Epictetus
Get the latest version of BIND to block that Verisign junk. go here
Now all it needs is support for the Evil-Bit in TCP/IP
Because for now, All our inexistant bases are belong to them.
Instead of the Verisign sitelooker page, I suggest that BIND (the software that runs 60% of the DNS) should be enhanced in several ways: The most important one, IMHO, is to compute a list of close matches and present these choices to the user. They may use the Soundex algorithm or some other tricks to see if characters are transposed, if one character is wrong, if one is missing, etc. If well implemented, this would solve 60% of the problem. The remaining 40% is due to the fact that people sometimes don't actually mistype a known address... they type a dead wrong address, such as "amazonbookstore.com" instead of "amazon.com". In this case, BIND should split up the phrase into separate words (in this case "amazon book store") and redirect to a search engine with those words as parameters. The big question in this case is: which search engine? I think that one should be able to choose, in one way or another. If not, Google would be my choice ;-)
The difference is that virtually no one uses the .museum TLD. There have been complaints about the wildcards used for .cc, .nu and other TLDs. But it's only when they start playing games with .com and .net that people notice, because this affects everyone.
I'm glad the IAB took that position. Hopefully Verisign will do the right thing....but, given their history, they probably won't.
We started a petition on Tuesday, and it got more than 16,000 signatures, before the site apparently got Slashdotted or something. We had to move it to a new server, with backups of the first 10K signatures. The new link is:
Stop Verisign DNS Abuse Petition
We also made announcements here and here, including having sent a hardcopy of the first 10,000 signatures to ICANN via FedEx. Thanks for all the support!
The response in the original article links to something old. Here is the IAB's official response. The bottom has a whole section on "Principles, Conclusions, and Recommendations". Good reading: http://www.iab.org/documents/docs/2003-09-20-dns-wildcards.html
except, this type of thing is not the responsibility of the DNS.
The fact that we tend to use DNS as an index of everything, and that humans can't get over "Www." is OUR problem, not a problem with DNS. DNS is a precise lookup service... we'd just like it to function as it always has, thanks.
DNS wasn't put here to look up websites, it's far more fundamental than that.. and if people are too lazy to learn how to use a web browser right.. tough cookies for them. We should not be mangling DNS in order to do it.
DNS is about a LOT more than just you looking up a web address, and to break it now is absurd.
If you want a feature like you suggest, you build it at the application level, into the web browser... you don't mess with the fundamental protocols involved.
Every time I send a message with a typo in the domain name, my message goes straight to Verisign's email servers. Though they are kind enough to send a bounce back to me, in the meantime they have the ability to
Shouldn't this be the main concern?
Indeed. This is not new. But there are differences:
.museum gTLD was a new gTLD. If you implement a wildcard from the start of a gTLD, that is something the community can take into account when developing systems around it. (this does not mean I agree with doing so).
.tk and .nu doing the same. There is however a fundamental difference between a gTLD and a ccTLD. A gTLD is operated (or at least should be) under control of the community and should be more strict in following the RFC's. A ccTLD is operated by a country or representatives of a country. If Tokelau and Niue wish to break the RFC's, it's their problem. It is the responsibility of their government to correctly operate the ccTLD and if they fail to do so, too bad for them as the world will eventually turn its back on them.
The
Some people also mention some ccTLD's like
I'm not a complete idiot... Some parts are missing.
Something that seems to be mildly overlooked here, in my opinion, is that this has the power to give VeriSign "ownership" of the web in many users' minds.
If my mom tries to go to http://www.gooodhousekeeping.com and gets a VeriSign message and a search box, well it doesn't take much of that before she starts thinking that VeriSign == The WWW, because VeriSign is who always tells her what she typed wrong and where she should be going.
What this comes down to is a company trying to "brand" the web. In many ways, Google has been successful at this, but they have actually played fair and achieved what they have on the basis of merit. VeriSign is ABUSING their power to brand the web as their own.
It should be patently obvious by now that VeriSign's modus operandi is one of deceit and trickery. Evidence the fake "renewal" cards they have sent out in the past to "slam" DNS registrants much like the shady phone companies have tried to do with your long-distance.
Damn, it's ridiculous that people even try to get away with this sort of crap these days...will someone with the power to please stop this?
-JT
Well, one thing interesting I discovered - Earthlink appears to have patched their DNS servers so they return NXDOMAIN now instead of sitefinder. Cheers to a big ISP taking charge :)
Brielle
A week ago I saw Verisign as a highly respectable registry and provider of all sorts of security products and verification. Then these recent events occur and their reputation in my mind has gone terribly sour.
Maybe it's just the bias I've learned from the Slashdot community, but they now just seem so incompetent; maladroit? So much for the whole "trust" thing. I haven't given them my business in the past, but now it's looking significantly less likely. (Although they probably end up with some financial gain regardless of where I purchase domain names, correct?)
Now they just join the list of organisations that just leave a bad taste: SCO, RIAA, and now... VeriSign! (I'm sure there's many more.)
Frankly I think ICANN should formally separate the registrars and the root DNS registry. Make these changes to the rules:
Any site that sitefinder "helps" you with has a robots.txt file that disallows all agents. I am trying to access an old site of mine that was archived on the WaybackMachine and it won't let me access the old information now. Verisign must be stopped at all cost.
Among my other big problems with the whole thing, is the following line in their Terms of Use, section 10:
Sole Remedy.
Your use of the Verisign services is at your own risk. If you are dissatisfied with any of the materials, results or other contents of the Verisign services or with these terms and conditions, our privacy statement, or other policies, YOUR SOLE REMEDY IS TO DISCONTINUE USE OF THE VERISIGN SERVICES OR OUR SITE.
Great.. and exactly HOW do *I* as the defined "user" do that?!
When did I consent to verisign that I wanted to use their free service? and how would I tell them I don't WANT to use it?
Anybody?!
In a quick search I found 12 two-letter TLDs doing the * thingy:
.ac, .cc, .cx, .mp, .nu, .ph, .pw, .sh, .td, .tk, .tm and .ws
Including .com, .net and .museum this makes 15 TLDs.
The search was done using this very clumsy one-liner:
for b1 in a b c d e f g h i j k l m n o p q r s t u v w x y z ; do for b2 in a b c d e f g h i j k l m n o p q r s t u v w x y z ; do host asqerdfqewrd.$b1$b2 >> dom.txt.slet; done; done
(I wonder if there is a character equivalent for 'seq 1-27'.)
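Added example, not part of the original comment thread: the same wildcard survey in Python, probing several random labels per TLD so that one accidental hit on a real registration is not mistaken for a wildcard. The function names, the hypothetical TLDs "wild" and "clean", and the constructed resolver (which returns the documentation address 192.0.2.10) are assumptions made for this example.

```python
import itertools
import secrets
import socket
import string

def two_letter_tlds():
    """All 676 two-letter candidates, aa..zz (replaces the nested shell loops)."""
    return ["".join(p) for p in itertools.product(string.ascii_lowercase, repeat=2)]

def random_label(length=20):
    """Random probe label that is almost certainly unregistered."""
    return "".join(secrets.choice(string.ascii_lowercase) for _ in range(length))

def system_resolver(name):
    """Resolve through the OS stub resolver; an empty set means no address came back.
    Caveat: gaierror also covers timeouts and SERVFAIL, not only NXDOMAIN."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except socket.gaierror:
        return set()

def probe_tld(tld, resolve=system_resolver, probes=3):
    """Resolve several random labels under `tld` and classify the zone.
    One probe could hit a real registration; identical answers for every
    random label indicate a synthesized (wildcard) record."""
    answers = [frozenset(resolve(f"{random_label()}.{tld}")) for _ in range(probes)]
    if not any(answers):
        return "nxdomain", set()
    if all(answers) and len(set(answers)) == 1:
        return "wildcard", set(answers[0])
    return "inconclusive", set().union(*answers)

def scan(tlds, resolve=system_resolver):
    """Map each wildcarded TLD to the address set it synthesizes."""
    found = {}
    for tld in tlds:
        status, addrs = probe_tld(tld, resolve)
        if status == "wildcard":
            found[tld] = addrs
    return found

def constructed_resolver(name):
    """Constructed sample data for offline runs: the hypothetical TLD 'wild'
    answers every name with a documentation address, everything else fails."""
    return {"192.0.2.10"} if name.endswith(".wild") else set()

if __name__ == "__main__":
    print(scan(["wild", "clean"], constructed_resolver))
    # Live run (needs network): scan(two_letter_tlds())
```

A resolver that itself rewrites failed lookups will make every TLD look wildcarded, so a live scan is only meaningful through a resolver known to pass NXDOMAIN through unchanged.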
> > Also verisign makes it money by selling domain names. Recall that they used to
/year.
> > be free at one point.
> Assuming you're young enough to buy into a theory calling government services
> "free."
Why assume that?
It's free as in $0
When you were done with a domain, you sent in a form to deactivate it. Same form you sent in to register it in the first place.
I can't remember when this change over happened exactly, but it was the early 90's.
(I want to say 1993 but my memory is very shaky there.. shouldn't be hard to look up if you care)
Then they started charging $50/year until the late 90's when they lowered that price to $35/year.
They also for the longest time, starting when they first charged money for domains, that a domain must be paid for at least for 2 years.
I think NetSol may still do this (I haven't used them in forever)
It was the alternate registration services that first started allowing 1 year registrations.
Oh by the way. All of this was from InterNIC, who was appointed after the ArpaNet became the Internet, so it had very little (Read: none at all) to do with a government service at this point.
Even the government service on arpanet before DNS was free.
You simply emailed the guys with the master internet-hosts file.
They add your records (host to IP)
Then you wait about a week for everyone on the internet to download the new file and update their machines with it (Yes it was a totally manual process)
Unfortunately, despite the fact that they say they aren't collecting e-mail addresses, for the community at large the issue is we now have to trust them to continue to honor that promise. Considering their actions in implementing SiteFinder in a most irresponsible fashion, I'm not sure that trust would be well placed.
Are we having fun yet?