VeriSign Responds To ICANN's SiteFinder Advisory

dmehus writes "VeriSign's Naming and Directory Services division has written to ICANN President and CEO Paul Twomey regarding the recent advisory concerning VeriSign's DNS wildcard redirection service. In the letter, VeriSign's Rusty Lewis says that they are open to independent and objective technical concerns expressed by various Internet bodies; they have formed their own "independent" panel of industry leading experts to produce its own, separate report; and they will not voluntarily suspend SiteFinder. It's a very terse response, and frankly, I'd have expected more from them. Slashdot readers are encouraged to visit ICANNWatch for in-depth, expert discussion on this and other issues."

Re:Huh?

[rgmoore]

As to your call for us to suspend the service, I would respectfully suggest that it would be premature to decide on any course of action until we first have had an opportunity to collect and review the available data.

That's an interesting thing for them to say, especially because earlier in the letter they said:

All indications are that users, important members of the internet community we all serve, are benefiting from the improved web navigation offered by Site Finder.

So which is it? Have they not yet had a chance to gather any data, or have they gathered the data and found that it's beneficial to users? Or, as seems most likely, are they just saying anything that they think will get ICANN off their backs for long enough for them to sell a bunch of registrations?

Is it accessible to the blind?

[effer]

If not, what better target for a lawsuit!

Re:I'm lost, please help.

[ScottSpeaks!]

There are a variety of problems with this.

• The most fundamental one from a systems-management standpoint (and the internet itself is one huge systems-management nightmare) is that DNS lookup is a core function that affects a lot more than just web browsing. You don't change such a core function without thoroughly testing the impact of such a change. At the very least, the co-operative nature of the internet requires that you at least tell everyone you're going to do it. And when people complain that you've just broken something, you damn well better put it back the way it was.
• A case in point: A lot of anti-spam software uses DNS look-ups to identify bogus return addresses. Since DNS for .com and .net is no longer returning "not found" for bogus domains, this function is now failing.
• Various legislatures and/or courts have passed/interpretted laws to forbid "squatters" from registering other people's trademarks (or typos of them) for themselves. Verisign has effectively just "registered" every unregistered/mistyped trademark and pointed it to their web site. For example, there's a local business who hasn't registered their name (a trademark) as a domain name. If someone asks for (thisbusinessname).com, Verisign will direct them to a web site (theirs) which instead suggests several other web sites. For the right price, a competitor of this business can have their web site listed here. This is no different from a competitor or unauthorised squatter registering the domain name... which they could be successfully sued for doing. The fact that Verisign is now profiting from the use of trademarks it does not own puts it on very shaky legal ground.
• This is a classic case of abuse of monopoly power. In much the same way that (for example) the US FCC licenses broadcasters to use the public airwaves in ways consistent with the public good, Network Solutions (now owned by Verisign) was assigned responsibility for the .com and .net top-level-domains to be operated in ways consistent with the good of the internet community. Reckless management of that responsility, resulting in technical problems which it refuses to correct, and taking financial advantage of that trust in a way unavailable to any other entity... adds up to a "problem".

Re:Huh?

[Leto2]

msaulters, for completeness, since you seem to be intimately knowledgeable on the RFCs, can you paste the relevant sections from these three RFCs that apply to Verisign's wildcarding?