Slashdot Mirror
VeriSign Responds To ICANN's SiteFinder Advisory
dmehus writes "VeriSign's Naming and Directory Services division has written to ICANN President and CEO Paul Twomey regarding the recent advisory concerning VeriSign's DNS wildcard redirection service. In the letter, VeriSign's Rusty Lewis says that they are open to independent and objective technical concerns expressed by various Internet bodies; they have formed their own "independent" panel of industry leading experts to produce its own, separate report; and they will not voluntarily suspend SiteFinder. It's a very terse response, and frankly, I'd have expected more from them. Slashdot readers are encouraged to visit ICANNWatch for in-depth, expert discussion on this and other issues."
Which ones?
.ws, for one: try this. I think many other countries' 2-letter codes do the same, especially if the country has sold their national online identity for cold, hard cash.
dot
Stressed? Me? Of course not. Stress is what a rubber band feels before it breaks, silly.
Here is something interesting: Check out the Terms of Service:
http://sitefinder.verisign.com/terms.jsp
Is there anyway I can turn this service off? I disagree with the terms.
Ted
Fantasy remains a human right; we make in our measure and in our derivative mode... -- JRR Tolkien
If your domain registration site is using a DNS lookup to check if a domain is registered, it is a very poor domain registration site. There is no guarantee that if a domain is registered, there are nameserver records for it anywhere except the gTLD root nameservers.
Registrars should be using the SRS system provided by VeriSign Naming and Directory Services to check if a domain is registered. This is the same system that they use to register domains with the registry (run by VNDS). This system can and does provide a definite yes or no as to whether a domain may be registered.
Love VeriSign or hate it, but get your facts straight.
"The details of my life are quite inconsequential..."
I don't think I've seen this posted before, but some people may find it interesting. Here's the contracts between ICANN and Verisign for .com and .net (.org is there also, but it no longer applies).
It was Network Solutions (a company that was absorbed by Verisign) that created the concept of paying for domain names in the first place... there was a day when domains were free to the end users.
Hey, if you feel strongly about this issue, you can reach them directly. Just call 703 925 6999. That's the direct line for VeriSign Naming and Directory Services. I tried to get Rusty on the line, but they're on the East coast and he had already left the office.
I just spoke with a nice secretary lady whom told me that she was 'sad to hear' that I, "an investor", was going to sell my "2000 shares" of Verisign first thing in the morning due to their horrible wildcard DNS policies.
When I asked why they are doing this, she told me it was a "marketing decision" and that "somebody in the marketing department" thought it up.
She said that I was the first person she had heard complain about it, though she had read somewhere that it was "controversial".
If anybody has any success getting through to these people, post any interesting tidbits you find out. Thanks.
# wrote sig.txt, 23 lines, 31337 chars
I think it's interesting how ICANN is coming at this situation. I think you have to realize how much money VeriSign makes ICANN. I'd dare to say that over 70% of all of ICANNs revenue is generated from VeriSign.
So It's sort of the same situation that we are in with Middle Eastern Oil. We're trying to tell them, 'Hey, make it cheaper and give us more' but we cant strong arm them. 'cause if they up and leave we're left high and dry.
If VeriSign were to be revoked their registrar status, ICANN would stand to lose millions.
Why do you seek to portray Verisign as such a sleazy company?
If you ever had a domain with them, you'd think they're sleazy too.
I spent months trying to transfer a domain away from them, and when I finally thought I'd be able to do it, they told me "You can't transfer your domain when there are less than 30 days to the renewal date" - essentially, they made me pay $35 for 4 more days. Luckily, easyDNS is nice enough to honor the remaining time on your domains.
If you havent allready signed it, there's a petition at http://www.whois.sc/verisign-dns/ to encourage Verisign to rack-off.
I am a Mac OS X user and recently read an interesting hint on the Mac OS X Hints website.
It appears that simply blocking sitefinder.versign.com leads to a rather unpleasant 'timeout' error in a browser: a long wait prior to a timeout is hardly better than an instant appearance of VeriSign's SiteFinder service.
However, one of the users, in the comments on the hint, noted that "[w]hen you type an incorrect URL, the Verisign DNS server actually returns an IP address, which is that of sitefinder-idn.verisign.com."
He continues, "Blocking the sitefinder-idn.verisign.com server in the manner recommended in this hint would save a fraction of a second but the main problem with this hint is that it suggests blocking the response when a far more efficient method would be to block the outgoing request. The system tells the browser that permission is denied for this request and the browser passes that information along immediately. Thus, the rule I use is:
sudo ipfw add 1170 deny tcp from any to 64.94.110.11 setup
I have been using this rule without any noticeable problems. Perhaps it might be of use to others?
Government steps in to take over .net, .com., and .org. Everyone's screwed. So much for the free, cooperative, works-of-our-own-free-will Internet.
You're posting from your AOL account, the one you just got with your first PC purchase. Am I right?
If I am not right, and you've been connected to the internet for more than six minutes, then how can you possibly not know that the dot-com and dot-net servers were run by the US government for over a decade prior to Verisign, and domains were free of charge, and none of this crap happened.
Far from everyone being screwed, the NSF ought to take it over again.
Edith Keeler Must Die
Follow the link to the contract, choose 'functional specification' and then jump down to 'Nameserver functional specifications' which I quote:
ICANN Please, Please, Please, Please, Please, PLEASE!!!! take that letter and offer to shove it up Verisign's ass gift-wrapped in their contract.
OR
<big giant cluebat>
You *THWAP* DON'T! *THWAP* BREAK *THWAP* THE R *THWAP* F *THWAP* C! *THWAP*
</big giant cluebat>
These people looked deep into my soul and assigned me a number based on the order in which I joined.
Section 4.3.1 of RFC 1034 pretty clearly states that the response to a name query is to be:
Now, the section thereafter goes on to talk about wildcards, so they are pretty much out of luck for saying that VeriSign isn't implementing the RFCs correctly. However, another portion of the RFC makes it very clear that wildcards are only for use within an entity's domain of control (that is, *.foo.com in DNS will not affect lookups under bar.com). The key here is that it is up to the OWNER of the domain in question as to the appropriateness of wildcards in DNS. VeriSign does NOT OWN THE .COM TLD. They merely ADMINISTER it for ICANN. Thus, there is a very good case for VeriSign being in breach of contract by failing to cary out the wishes of the OWNER of the .COM TLD. Which in this case is ICANN.
Basically, I would be a bit more thorough before going to VeriSign, but afterwards, I'd still wack them over the head with the contract and force them to remove the wildcard.
-Erik
There are always four sides to every story: your side, their side, the truth, and what really happened.