Slashdot Mirror
VeriSign Responds To ICANN's SiteFinder Advisory
dmehus writes "VeriSign's Naming and Directory Services division has written to ICANN President and CEO Paul Twomey regarding the recent advisory concerning VeriSign's DNS wildcard redirection service. In the letter, VeriSign's Rusty Lewis says that they are open to independent and objective technical concerns expressed by various Internet bodies; they have formed their own "independent" panel of industry leading experts to produce its own, separate report; and they will not voluntarily suspend SiteFinder. It's a very terse response, and frankly, I'd have expected more from them. Slashdot readers are encouraged to visit ICANNWatch for in-depth, expert discussion on this and other issues."
The bottom line is that Verisign's DNS behavior screws up lots of other systems. If I go to a domain registration site, and ask it "is this domain registered?", it will go see if there is an IP for that domain. Verisign's behavior screws this up, because now all .com and .net domains will return an IP address.
And it's being very disrespectful to the computer industry. Verisign is no better than Microsoft here; they are snubbing their noses at what they agreed on. They need more than just a slap on the wrist. They need to learn that they DO NOT have the right to do whatever they decided. Microsoft does it, but it doesn't mean that they can do it.
Obviously this project has a significant return - otherwise they would not have invested some amount of time and energy into its implementation, knowing the backlash that was to be expected. That said, you really thought they'd give it up without a fight, especially considering the damage they've already done to their brand? Oh the arrogance.
...that enough of a ruckus will be kicked up over this that someone will have the following bright idea:
.net, .com., and .org. Everyone's screwed. So much for the free, cooperative, works-of-our-own-free-will Internet. Thanks, Verisign.
Let's make this illegal!
Voila. Government steps in to take over
"A great democracy must be progressive or it will soon cease to be a great democracy." --Theodore Roosevelt
I just null routed their ENTIRE array of IP addresses in my router. Now I can't even get to their site and accidentally buy a domain there. I also moved any domains I had with them to GoDaddy. if everyone else tells everyone they know to use another registrar or use another SSL key company they will see a loss :-)
If ISP's null route them your defense is.. Well, you changed the rules why cant I?
Other TLDs such as .cc have wild card site that trys to sell any domain that's unregistered.
http://verisignsucks.museum/
Just as an example.
I think *.museum is ok to have a wildcard for though, since not everybody can go out registering a museum domain name. It works similar to
Morphing Software
Why do you seek to portray Verisign as such a sleazy company?
Because they are and always have been.
Besides using the fact that they run the root servers to hijack all unused addresses, in the past they've sent misleading correspondance to domain name owners to get them to switch registrars to verisign when all they want to do is renew.
So which is it? Have they not yet had a chance to gather any data, or have they gathered the data and found that it's beneficial to users? Or, as seems most likely, are they just saying anything that they think will get ICANN off their backs for long enough for them to sell a bunch of registrations?
There's no point in questioning authority if you aren't going to listen to the answers.
If not, what better target for a lawsuit!
Well,
Every single change they have EVER made to their DNS control realms have been sleazy, underhanded, or monopolistic.
Domain Holding with the option for payments to free them up faster? They still do it. Hell just look at the slashdoty article history. The question should really be: What the hell have they done to improve the state of the internet? Their agenda's differ from those of us here because we want a free Internet and they want dollar signs.
Bye!
In the footsteps of several other registries that have done the same, we recently deployed a wildcard in the .com and .net zones.
.com and .net zones, but in actuality what they are saying is "Other registries have deployed wildcards, and we are doing the same, but in the .com and .net domains".
You need to know what's going on to understand this bit. What they want people to think is that other registries are also deploying wildcards in the
However, most people who are unhappy with VeriSlime will easily see through this piece of doublespeak.
Call me old fashioned, but I like a dump to be as memorable as it is devastating - Bender
Doing any sleazy thing one can imagine just because their lawyers think they can probably get away with it is not an appropriate way to do business - or an honorable one.
And "just doing what they needed to do to survive" is the same excuse the Donner Party used.
If VeriSign were to be revoked their registrar status, ICANN would stand to lose millions.
Right, but then they'd make someone else the registrar and get those millions from them.
There are no trails. There are no trees out here.
It goes both ways: VeriSign needs ICANN approval in order to operate in the position it does. ICANN's in the superior position, in many ways, because there are plenty of other operators (read: hordes, foaming at the mouth) who'd kill to take over for VGNS.
Now, the risk is great enough, for both parties, that I doubt either will push a hardline for long. VeriSign will back down at some later date, and ICANN won't seriously consider--for instance--yanking VGNS's right to operate.
It's a cold war, MAD and all.
If one looks at the newsgroups as historically how something like this works, the .museum TLD is a highly restrictive, highly controlled domain. It's entire purpose is for respected institutions to be listed. So, them having a master index and a reply indicating an invalid domain makes sense, since the entire domain listing easily scrolls through a few screens only. It would be the equivalent of a comp or sci newsgroup; highly structured groups with moderation and content rules.
.com is the tld equivalent of alt., where anyone can create and post anything, without moderation, without structure. Attempting to impose structure, in the form of sitefinder, is stupid in this instance, since the organizations represented in .com are usually for-profit or attempting to jockey for position. If I have a business, do I now have to register every possible combination of my domain to keep idiots from being redirected to a customer of mine because they paid verisign to add them to the referral page for a misspelling of my domain name? I also have to worry about verisign giving precedence to domains registered through them in the recommended sites, and if I have a godaddy.com-registered domain, will I end up being denied business that would normally have realised that they made a typo, to fix it and come to me?
This is the real problem that I have with sitefinder. It being in the hands of a commercial organization who has exhibited a systematic behaviour of putting profit before anything else will only exploit this situation. They will start selling placement on messed up domain entries, they will start denying domains registered through other registrars the same regular placement as their own, and they will destroy what had been a fairly free and open system.
I'd recommend that if Verisign doesn't immediately stop this insanity that we write to our legislators and demand that control of the TLDs that versign manages be removed and handed to ICANN to deal with directly.
Do not look into laser with remaining eye.
I'm almost sad to see that the parent is currently modded 0, Flamebait. Someone has to play Devil's Advocate, even if it's to argue a patently ridiculous point.
At the risk of feeding a troll, I'll point out a couple of things:
AFAIK they have allways delivered a decent service at decent price to their customers. Compared to normal bussiness practise they are just very ethical in their behavior. As a long time customer I must say that they are nice to deal with compared to many of those unethical companies that you find on the internet that just want to scam you.
An excellent analogy! Verisign is not as unethical as the companies that sell snake oil and redirect your phone call to Vanuatu. That's like saying I should be happy to just be beaten up in a robbery, 'cause I could have been killed outright. Thanks, I feel much better.
My only dealing with NSI (in the pre-Verisign buyout days) was when they wouldn't transfer my domain to me from the original owner because of an obscure missing piece of paper (full story here). I got around the problem by transferring the domain to Domain Direct (affiliate link) and then to the much cheaper Gandi (no kickback), and I've never looked back.
Stressed? Me? Of course not. Stress is what a rubber band feels before it breaks, silly.
correct me if i am wrong, but i though the US gov(or was it ICANN) gave verisign the registrat power over .com and .net...
.com and .net(and .org, .tv, .info even.... excluding individual contries' domains)?
first, why can't we just take it back?
second, why should so much power dealing with the interent be given to a corporation, why not a common non-profit organization handle the
The internet should be free, open, and very welcoming. domain registration should cost only enough to maintain the systems(the very POWERFUL systems) that handle that sort of thing... registrars shouldn't be in it for the money.
Someone correct me if I am wrong, but didn't their redirect site have some type of web bug as well as a cookie that doesn't expire for five years?
I remeber hearing this a while ago.
"the road to hell is paved with good intentions."
too far? we have arrived!
however, openNIC is alive and well and kicking much ass. (or http://www.opennic.unrated.net for the unenlightened...)
Hit them where it hurts, in the bottom-line. Complaining to everyone may get this fixed, but patching your nameserver and then going after the back-end may also get results.
A better solution is to use something like dnsmasq, which is capable of blocking VeriSign's wildcard responses directly. This way, you'll get a proper NXDOMAIN response. This should be perfectly usable under MacOSX, since it's just a straight-up Unix daemon.
Not really. You posted anonymously, I didn't. Nothing against you (since I have no idea who you are, obviously), but I set very little stock by anything posted without a name. I understand that there are reasons to post anonymously, such as to not bring down the wrath of an employer. However, there's still the concept of if you won't even sign your name to what you've said, how much can it be worth? Additionally, a lot of moderators take the tact of never moderating AC posts up. And you also started your post with a personal insult, which a lot of people automatically view as flamebait.
Either way, the important thing is that someone got modded up to point out how wrong that guy was. And that he got modded down.
-Todd
"The details of my life are quite inconsequential..."
http://verisignsucks.tv
http://verisignsucks.dk
This is a different thing, however. The .tk, .tv, and .dk TLDs are owned by specific countries (I can't remember exactly which). The specific subdomains are rented out for cheap, or free, along with banner ads, so the countries make revenue. Annoying, yes. Unethical, possibly. Against RFC... probably. But they own those TLDs, and can do whatever they want with them. Verisign does not own .com and .net. They are on contract from the US Federal Government to run the root nameservers for .com and .net.
I mod down pyramid schemes in sigs.
...at least on the DNS servers I control. Just redirect lookups on the .verisign.com (and .net and .org) domains to my local DNS servers which strangely enough don't seem to point the inquiries to verisign... Just had to clear it with Management first as a "privacy issue"...
Help save the critically endangered Blue Iguana
that the sitefinder "service" only returns domains by verisign customers? Kind of negates the defense that the sitefinder utility is helping people across the internet find what they really need.
http://mediagoblin.org/
[just fired this off to VeriSign]
Dear VeriSign,
Assuming for a minute that you had absolutely no idea that SiteFinder would break large portions of the Internet, I'm simply dumbfounded over your renegade attempt to hijack the Domain Name System.
In all seriousness... what were you thinking?
Did you intend to destroy your credibility, or was it merely an unintended side effect or your sheer arrogance?
You've managed to rally the technical Internet community behind ICANN, the one organization which was a bigger laughingstock than you to begin with.
Please, reconsider SiteFinder. The Bubble bust a long time ago.
- a dissatisfied customer
It's even more interesting for them to come back with that when they themselves didn't do the very same data gathering and research before implementing the damned thing.
There seems to be an issue as to whether the Verisign SiteFinder "Service" violates federal law, namely, the Electronic Communications Privacy Act of 1986. I wish I could get links to work, but here are URLs that will give you the text of relevant sections of this law. Type the URLs carefully -- you wouldn't want them to be intercepted by Verisign.
1 8/ parts/i/chapters/119/sections/section_2510.html
1 8/ parts/i/chapters/119/sections/section_2511.html
http://caselaw.lp.findlaw.com/casecode/uscodes/
and
http://caselaw.lp.findlaw.com/casecode/uscodes/
A careful reading of these sections (18 U.S.C. 2510 and 2511) seems to suggest that Verisign's interception of mistyped URLs and emails, which could easily be argued to this casual observer to be both intentional and deliberate, might be a crime punishable by a fine and five years in prison. Sections of this law other than the ones cited above appear to indicate that statutory damages might be available to individuals who have had their communications intercepted.
Someone with enough interest in the matter should contact a lawyer to get a more definitive answer.
If selfless people existed, we might discuss what they could produce. That said, there are many generous people who are also intelligent and hard working that have made huge contributions to the computing world. As a result of them, we have the Internet, Web sites, Linux, and various less-well-known projects and products.
I call bullshit on this one. Verisign is being greedy and abusing their stewardship. They don't own .com or .net, but they are making decisions for all of us that do own a part of it. If my $35.00 doesn't go to support those "willingly-provided" DNS servers, then why did I pay it? The solution is to roll back the clock 14 days and not have this "Service" implemented. If Verisign wants typos to drive traffic, they should do what everyone else is forced to do, and buy a browser.
"Murphy was an optimist" - O'Toole's commentary on Murphy's Law
msaulters, for completeness, since you seem to be intimately knowledgeable on the RFCs, can you paste the relevant sections from these three RFCs that apply to Verisign's wildcarding?
<grub> Reading
Okay, one more time...
That's application level. You can shut it off. And if there comes a time when you can't, you're free to switch to a different browser, like, say, Opera.
And it doesn't result in mistakenly passed spam checks, email address leaks to Veri$ign, and general screwed-upedness like a wildcard DNS does.
Geez, does anybody get that "the web" is not a synonym for "the Internet" anymore?
"Using what?"
Probably router and nameserver configurations.