VeriSign Responds To ICANN's SiteFinder Advisory
dmehus writes "VeriSign's Naming and Directory Services division has written to ICANN President and CEO Paul Twomey regarding the recent advisory concerning VeriSign's DNS wildcard redirection service. In the letter, VeriSign's Rusty Lewis says that they are open to independent and objective technical concerns expressed by various Internet bodies; they have formed their own "independent" panel of industry leading experts to produce its own, separate report; and they will not voluntarily suspend SiteFinder. It's a very terse response, and frankly, I'd have expected more from them. Slashdot readers are encouraged to visit ICANNWatch for in-depth, expert discussion on this and other issues."
I think it's time for ICANN to look for someone else to run the NET and COM TLDs. Not only are they unwilling to suspend SiteFinder after an enormous public outcry and a direct request from ICANN, but they didn't even bother telling anyone they were going to do this in the first place ahead of time. This is absolutely terrible, and I hope ICANN finds someone else to manage these TLDs.
Okay, so I can see and understand the effect wildcarding had on the domains, and why it's a bad thing.
I'm also familiar with the basic structure of the DNS network. However, I'm not familiar with the regulatory system.
Can someone explain who regulates who gets to control what domains? Can ICANN revoke Verisign's control of the .net and .com domains? If not, who can?
-Ryan
AUWYHSTOT (Acronyms are Useless When You Have to Spell Them Out Too)
of SiteFinder is the fact that non-English speakers no longer receive an error message in their own language, but are confounded with some bizarre English language site which certainly wasn't where they were trying to get to.
Just imagine a DDOS worm that generates RANDOM strings that end in .com and launches parallel Denial of service (even http connection requests) to whatever IP address comes back.
;)
Just imagine a Code-Red style worm that lingers for years after on clueless admin's machines whose spreading mechanism is by random domain name instead of random IP addresses.
Sure, it'd take a lot longer for it to spread, but the cumulative effect would be to take whatever server is addressed by the wildcard address out of commission!
(Not that I'm advocating creation of a worm, but can you imagine the outcome of this kind of thing?)
It appears that Network Solutions may have learned to tuck tail and run whenever anyone comes asking what the hell their parent company is doing.
When they responded to me last week, they told me that Verisign was "well within the guidelines" that Verisign set up in the document they created for their own "service."
Now I only get form responses from NetSol drones: "It seems you are having trouble with the SiteFinder service. Please read the SiteFinder FAQ at: ..."
Here is a little script that I whipped up to find out which TLDs have wildcard records.
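#!/bin/sh
# Fetch the current root zone and ask each TLD for a literal "*" A record.
rm -f root.zone root.zone.gz
wget -q ftp://ftp.internic.com/domain/root.zone.gz
gunzip root.zone.gz
# Column 1 of every NS line is the delegated zone name; sort -u drops duplicates.
for i in $(grep ' NS ' root.zone | awk '{print $1}' | sort -u); do
    # A TLD without a wildcard record returns an error, which is discarded.
    host -ta "*.$i" 2>/dev/null
done
rm -f root.zone root.zone.gz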
Are you paranoid if you know that they just want to know everything you say and do?
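An added example, not part of the original thread and not any poster's code: a resolver-side check that stays correct under a TLD wildcard, for the kind of "valid domain name" test a mail filter performs. It generalizes the literal "*" query in the script above by probing random labels instead, looks at A records only, and every function name and the constructed resolver data are assumptions made for the illustration.

```python
import secrets
import socket

def system_resolver(name):
    """Return the set of IPv4 addresses for name, or an empty set if it does not resolve."""
    try:
        return set(socket.gethostbyname_ex(name)[2])
    except OSError:
        return set()

def wildcard_addresses(tld, resolve=system_resolver, probes=3):
    """Addresses a TLD returns for names that cannot exist (empty set = no wildcard).

    Each probe is a random 32-hex-character label, so a real registration is
    practically impossible. A wildcard answers every probe; an address counts
    only if it is returned for all of them.
    """
    common = None
    for _ in range(probes):
        answer = resolve(f"{secrets.token_hex(16)}.{tld}")
        if not answer:
            return set()          # one failed lookup is enough: no wildcard
        common = answer if common is None else common & answer
    return common or set()

def domain_exists(domain, resolve=system_resolver, cache=None):
    """Existence check that treats wildcard-synthesized answers as 'no such domain'."""
    cache = {} if cache is None else cache
    tld = domain.rstrip(".").rsplit(".", 1)[-1]
    if tld not in cache:
        cache[tld] = wildcard_addresses(tld, resolve)
    answer = resolve(domain)
    # Resolving only to the wildcard's own addresses is the same as not existing.
    return bool(answer - cache[tld])

# Constructed resolver for an offline run: "com" is wildcarded to a
# documentation address (RFC 5737), "org" is not. All names are made up.
def fake_resolver(name):
    registered = {"example.com": {"192.0.2.10"}, "example.org": {"192.0.2.20"}}
    if name in registered:
        return registered[name]
    return {"198.51.100.1"} if name.endswith(".com") else set()

if __name__ == "__main__":
    for d in ("example.com", "no-such-name.com", "no-such-name.org"):
        print(d, domain_exists(d, fake_resolver))
```

A domain that is genuinely hosted on the wildcard's own address is reported as nonexistent, which is the conservative outcome for a spam check.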
ICANN can revoke their authorization last I heard. They are pretty much push-overs for corporations so I don't see any top down remedies to this blatant misrepresentation of their powers.
On second thought, here is my idea: Have Verisign pay ICANN for every bogus returned DNS request, since technically Verisign has registered billions of domains, I'd say that ICANN is entitled to a mighty large chunk of Verisign revenues. More than the service is worth? One can only hope.
Bye!
14. AGREEMENT TO BE BOUND.
By using the service(s) provided by VeriSign under these Terms of Use, you acknowledge that you have read and agree to be bound by all terms and conditions here in and documents incorporated by reference.
IANAL, but is there any legal precedent about this type of licence? Isn't this the same sort of thing as having to open a sealed box to be able to read the licence, which then states that by unsealing the box you've agreed to the licence?
I have a feeling that their licence would totally fall over in court - since there is no consent - which means that nothing in the licence would be enforceable, and despite what section 12 says (they're not liable for damages/whatever resulting from their 'service'), you could probably do something like.. sue them for any spam (provided your jurisdiction has laws against spam) that got past your spam filters because it failed the valid domain name check.
Speak before you think
(btw, /. wouldn't let me post that as it was, in all caps. Why do lawyers do that? It is a proven fact that people often skip past sections of text like that, since it seems like noise and the brain just filters it out.. Is that just another tactic by lawyers (besides making licence agreements inane, long, and boring in the first place) to make you skip over certain sections? Make you think you read it all and agree anyways, even though your brain just filtered out the part removing them of all liability..)
Speak before you think
Has anyone noticed that they are tracking the clickthroughs of the search results? (Note: google does not do this)
They are building a huge database of behavior. It is tied to your ip address. I wonder what their policy is on releasing that information to the government? (they originally were government chartered)
Hell. I wonder if they were put up to it by the Department of Homeland Security.
At the very least, it will prove to be an invaluable, and highly marketable database.
I just called and got someone on the line pretty quickly (less than a minute)
:)
I asked politely how I can turn off the Sitefinder service (yes I know exactly how it works, but I figured that would be a good way to approach it.)
The person then asked for my name and email (which I gladly gave)
He then responded with, at this time we have no plans to turn off the site finder service.
For which I responded, I read your TOS and it says that if I don't agree to the terms that I shouldn't use the service, and repeated that I wanted to have it disabled.
He said that he would send me some information on it.
While this call I am sure is insignificant, if all of slashdot started calling.. that would be something.. at the least.
PS. yes I know how to null route it.. thank you
From the Terms of Service:
My question to Verisign was "I'm dissatisfied. What does 'to discontinue use of the Verisign services' mean? I can move many domains to other TLDs, pull the Verisign root certificates from a few hundred workstations, cancel a PayFlow account that handles a few hundred thousand dollars per month, and have my clients cancel several thousand dollars worth of SSL certificates. Is that what you want me to do?"
Again, no response as yet.
In a way that's what already happened. The US government were the ones that gave Verisign their monopoly, after all.
Typical modus operandi, government action messes things up, more action will fix it! (And if you believe that, just check out how they've fixed the war on (some) drugs.)
=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Friends don't let friends enable ecmascript.
If you check out Verisign's traffic page at Alexa (http://www.alexa.com/data/details/traffic_details?q=&url=http://www.verisign.com), you can see why they aren't easily giving up their sitefinder project.
If you use email, your email system will give you a message like which is only slightly inaccurate. Your email-to-speech reader should be able to read it to you about as well as it could have read the message you should have gotten.
If you're using a web browser, it's a different story (unless Verisign's web pages are tuned for different browsers, in which case Lynx could be made to work ok.) There's lots of Javascript, mostly at the end, and the phrase about the domain verisignsucks-1342314321.com does not exist is unfortunately buried in the code for a complex table, even though visibly it's rendered near the top of the page. So that depends on your user interface's ability to read you tables and ignore Javascript.
If you're using most other protocols, somewhat incorrect things will happen, because most of them use "A" records, which Verisign will respond to with their IP address, and the service you're looking for probably isn't there. But again, they're the same incorrect things that happen to sighted people, and presentation is an applications programming problem.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
Could we be witnessing the same thing happening to the Internet? Will it slowly evolve into a near useless channel of communication as it becomes more and more corporatized and balkanized? If it does, it won't be long before Internet jockeys start demanding regulation and some kind of government cop to enforce standards and other general agreements for how the Internet should behave.
When will that day come? Who knows. Maybe 5 years, maybe 25. Perhaps it'll happen during the gale force wind of anti-corporate sentiment that's currently brewing in middle America. But the real trick will be to stop the corporations from dominating the regulatory process like they did with radio and television. I hope and pray the ideals the Internet was founded upon survive this process. We'll have to wait and see and petition hard for our respective governments to do the right thing.
Work is dumb and so is Jobless Jimmy. (http://www.joblessjimmy.com)
It may seem like a lot of effort, but, if everyone who hates this service just sends them a few words saying so, by email, by putting the following list of every address they have into their send line, they won't have an email system at all :) And it might be just a little fun too!
Here they are :) All 1 line, with , inserted, so you can just copy and paste it :)
*There's Klingons on the starboard bow, scrape em off Jim!*
For example, you might go to www.apple.com, and the resulting page might ask "Do you want A. Apple Computer, B. Apple Records, C. Apple Growers Association of West Florida" or whatever.
However, because domain names are "owned" these days, there is little incentive to do this.
120 character sigs suck. Make it 250.
took 3 minutes and 20 seconds to timeout.
curl 2342323432423432.org
returned a resolver error in less than two tenths of a second.
curl 2342323432423432.gov
returned a resolver error in less than a tenth of a second.
Will anyone really wait three minutes for a web page?
Quit whining and run your own DNS server. When you are asked, you should willingly pony up the network bandwidth and server load to run a root server.
You'd better get cracking too: there's a lot of RFCs to bone up on before you can achieve the status of the enlightened few who are above the controversy by sheer virtue of pure wisdom.
If all the selfless people made it their livelihood to outproduce the demands of the greedy, would the demand diminish? Greed is foolishness, and a fool is self-defeating. Leave the greedy alone, but show them how to BE happy so that they can see parity from striving for happiness.
You can't sustain a technical solution for a political problem, so leave their forum and create a new one without political problems. Why not just go back to IP addresses? Why not a new distributed database? Signed DNSSEC zones with PGP style peer-reviewed keyrings for certificates? What's the BIG PROBLEM here? The solution is apparent in understanding the problem.
--- Nothing clever here: move along now...
Seriously though, someone should write a Windows virus that disables this thing from half the internet...
because it only shows up if I have a typo in my URL:
http://www.verisignsucks.com/ -> non existent domain
http://www.verisignssucks.com/ -> sitefinder shows up...
http://www.verisign-sucks.com/ -> non existent domain
http://www.verising-sucks.com/ -> sitefinder shows up...
--
I'm a-huga bimbo.
It's time that the rest of the world took control of the DNS away from the corrupt outfit that has hijacked it and the Government which allowed that to happen.
Perhaps UNESCO should run the DNS?
That's the United Nations Educational, Scientific, and Cultural Organisation.
Just watch, though. I'm sure that adding the "sitefinder" service is going to be much easier for verisign to do than tearing it back down if/when a court decides that Verisign had no right to do it. They'll certainly come up with bullshit technical explanation after explanation why it can't be brought down right now just to keep it up another day, week, month or year.
I used up all my sick days, so I'm calling in dead.
Previously: You think of a domain-name you want, go look at it. If it's not there, you can get it. If it's been taken by another company, or a domain squatter, you choose a different name.
Now: You think of a domain-name you want, go look at it. It's been taken by a domain-squatter. The same thing happens for every one of the domains you try and check. You give up, and have to pay the person whose site is on the domain you want.
Ignoring for a moment anybody technical enough to recognise Verisign scum as being different to normal scum, how can anyone possibly know what domains are available under this new regime?