Slashdot Mirror
VeriSign Responds To ICANN's SiteFinder Advisory
dmehus writes "VeriSign's Naming and Directory Services division has written to ICANN President and CEO Paul Twomey regarding the recent advisory concerning VeriSign's DNS wildcard redirection service. In the letter, VeriSign's Rusty Lewis says that they are open to independent and objective technical concerns expressed by various Internet bodies; they have formed their own "independent" panel of industry leading experts to produce its own, separate report; and they will not voluntarily suspend SiteFinder. It's a very terse response, and frankly, I'd have expected more from them. Slashdot readers are encouraged to visit ICANNWatch for in-depth, expert discussion on this and other issues."
From the letter to ICANN:
As to your call for us to suspend the service, I would respectfully suggest that it would be premature to decide on any course of action until we first have had an opportunity to collect and review the available data.
Well, I think that the world would have appreciated the same level of consideration before the system was ever even implemented in the first place.
Unilateral Military Action.
In case you are not a doubleplusgood duckspeaker, here is a helpful translation of Verisign's letter to ICANN.
.com and .net zones.
Dear Paul:
Translation: Dear meddlesome twit:
This will respond to the ICANN Advisory concerning VeriSign's Deployment of DNS Wildcard Service dated 19 September 2003.
We're about to tell you where you can stick your "advisory".
In the footsteps of several other registries that have done the same, we recently deployed a wildcard in the
Verisign has no problem being just as sleazy and underhanded as any of our competitors.
This was done after many months of testing and analysis and in compliance with all applicable technical standards.
Marketing sees dollar signs, and legal says we can get away with it.
All indications are that users, important members of the internet community we all serve, are benefiting from the improved web navigation offered by Site Finder.
None of the lusers who installed "The Internet" on their computers has a clue that we've even done anything.
These results are consistent with the findings from the extensive research we performed.
They are, however, clicking the pretty buttons, just like we hoped they would.
We are, of course, very interested in any objective technical information ICANN may have received concerning the service and would welcome the opportunity to work with you to review such data. To that end, we have reached out to schedule meetings... of leading experts in the field.
Let's have a meeting. Then another. Then another. Then, we'll codify the new de facto "standard".
As to your call for us to suspend the service, I would respectfully suggest that it would be premature to decide on any course of action until we first have had an opportunity to collect and review the available data.
We're going to get our way, because we can, and there's nothing you can do about it. Weenie.
After completing an assessment of any operational impact of our wildcard implementation, we will take any appropriate steps necessary.
And if we don't get our way, we'll pay off anyone we need to.
I look forward to continuing to work with you on this issue.
Kiss our ass.
Best Regards,
See you in Hell,
Russell Lewis
Executive Vice President, General Manager
VeriSign Naming and Directory Services
Stressed? Me? Of course not. Stress is what a rubber band feels before it breaks, silly.
Something that seems to be mildly overlooked here, in my opinion, is that this has the power to give VeriSign "ownership" of the web in many users' minds.
If my mom tries to go to http://www.gooodhousekeeping.com and gets a VeriSign message and a search box, well it doesn't take much of that before she starts thinking that VeriSign == The WWW, because VeriSign is who always tells her what she typed wrong and where she should be going.
What this comes down to is a company trying to "brand" the web. In many ways, Google has been successful at this, but they have actually played fair and achieved what they have on the basis of merit. VeriSign is ABUSING their power to brand the web as their own.
It should be patently obvious by now that VeriSign's modus operandi is one of deceit and trickery. Evidence the fake "renewal" cards they have sent out in the past to "slam" DNS registrants much like the shady phone companies have tried to do with your long-distance.
Damn, it's ridiculous that people even try to get away with this sort of crap these days...will someone with the power to please stop this?
The same "independent" panel of industry leading experts recommends SCO's Linux license and conducted a study showing that Windows is indeed cheaper than Linux and BSD.
1f u c4n r34d th1s u r34lly n33d t0 g37 l41d
I think it's time for ICANN to look for someone else to run the NET and COM TLDs. Not only are they unwilling to suspend SiteFinder after an enormous public outcry and a direct request from ICANN, but they didn't even bother telling anyone they were going to do this in the first place ahead of time. This is absolutely terrible, and I hope ICANN finds someone else to manage these TLDs
We'll know if these "negotiations" fall apart if "www.icannwatch.org" suddenly displays SiteFinder.
I watched C-beams glitter in the dark near the Tannhauser gate.
Okay, so I can see and understand the effect wildcarding had on the domains, and why it's bad thing.
.net and .com domains? If not, who can?
I'm also familar with the basic structure of the DNS network. However, I'm not familar with the regulatory system.
Can someone explain who regulates who gets to control what domains? Can ICANN revoke Verisign's control of the
-Ryan
AUWYHSTOT (Acronyms are Useless When You Have to Spell Them Out Too)
of SiteFinder is the fact that non-English speakers no longer receive an error message in their own language, but are confounded with some bizarre English language site which certainly wasn't where they were trying to get to.
Obviously this project has a significant return - otherwise they would not have invested some amount of time and energy into its implementation, knowing the backlash that was to be expected. That said, you really thought they'd give it up without a fight, especially considering the damage they've already done to their brand? Oh the arrogance.
...that enough of a ruckus will be kicked up over this that someone will have the following bright idea:
.net, .com., and .org. Everyone's screwed. So much for the free, cooperative, works-of-our-own-free-will Internet. Thanks, Verisign.
Let's make this illegal!
Voila. Government steps in to take over
"A great democracy must be progressive or it will soon cease to be a great democracy." --Theodore Roosevelt
A quick look at fasilmile.com reveals that VeriSign invented it. Link
And the l33t shall inherit the 34r7h.
I just null routed their ENTIRE array of IP addresses in my router. Now I can't even get to their site and accidentally buy a domain there. I also moved any domains I had with them to GoDaddy. if everyone else tells everyone they know to use another registrar or use another SSL key company they will see a loss :-)
If ISP's null route them your defense is.. Well, you changed the rules why cant I?
Here is something interesting: Check out the Terms of Service:
http://sitefinder.verisign.com/terms.jsp
Is there anyway I can turn this service off? I disagree with the terms.
Ted
Fantasy remains a human right; we make in our measure and in our derivative mode... -- JRR Tolkien
Dear Paul
After the extensive research of how IE directs bad names to MSN Search, we decided that we couldn't let the bastards at MS be only ones that makes money off of poor saps who can't type their URLs right.
We really don't give a rat's ass about what ICANN thinks but just to shut your whiney mouth off, I hires a review panel of leading experts in the field. They include Linux code reviewers from SCO, the guy who thought of domain parking for Register.COM, and the guy who invented One-Click shopping.
As to your call for us to suspend the service, I'd like to politely say "go fuck yourself" with the upmost respect ICANN's Chairman, Vint Cerf, and ICANN's Security and Stability Advisory Committee, Steve Crocker. Crocker, now that's a funny name, just like ICANN.
If you send any more letters, I will personally wipe my ass with it.
Go to hell,
Russell Lewis
Executive Vice President, General Manager
All Your Typos Are Belong To Us, Inc.
1f u c4n r34d th1s u r34lly n33d t0 g37 l41d
If your domain registration site is using a DNS lookup to check if a domain is registered, it is a very poor domain registration site. There is no guarantee that if a domain is registered, there are nameserver records for it anywhere except the gTLD root nameservers.
Registrars should be using the SRS system provided by VeriSign Naming and Directory Services to check if a domain is registered. This is the same system that they use to register domains with the registry (run by VNDS). This system can and does provide a definite yes or no as to whether a domain may be registered.
Love VeriSign or hate it, but get your facts straight.
"The details of my life are quite inconsequential..."
Why do you seek to portray Verisign as such a sleazy company?
Because they are and always have been.
Besides using the fact that they run the root servers to hijack all unused addresses, in the past they've sent misleading correspondance to domain name owners to get them to switch registrars to verisign when all they want to do is renew.
See, two days ago this was a technical issue that only a handful of nerds cared about. Two months from now it's going to be "Verisign, the organization granted a monopoly on control of the entire Internet and insists on defyingthe rest of the Internet community." People who never even heard of DNS will come away from this thinking that Verisign means shady.
Save us all the time and dozens of inevitable Slashdot stories (+ dupes) and dump the thing.
WAR!
Lauch the blacklists!!!
Verisign just lost it's monopoly over DNS with this stunt methinks. They pised off ICANN, EFF, Slashdot, 99% of the tech industry, and instead of putting their foot in to test the water and going "oh, the shark that just bit my foot off might be a problem" they say "eh, it's just a foot". Everyone is justifyable angry about this.
So, they took of their glove, slapped a couple million people in the face, threw the glove to the ground and drew their sword, to have a mideval analogy.
I say we blacklist their entire domain of advertising websites. A form of blackmail and protest; if nobody can get to their website to register, then they can't very well do buisness effectivly now can they? Sure, people'll get angry about how they can't reregister. The whole point is to show verisign what happens when you piss us off. Lets make a mess so big out of this that they'll never recover!
Candy-Coated Knowledge
It appears that Network Solutions may have learned to tuck tail and run whenever anyone comes asking what the hell their parent company is doing.
..."
When they responded to me last week, they told me that Verisign was "well within the guidelines" that Verisign set up in the document they created for their own "service."
Now I only get form responses from NetSol drones: "It seems you are having trouble with the SiteFinder service. Please read the SiteFinder FAQ at:
It was Network Solutions (a company that was absorbed by Verisign) that created the concept of paying for domain names in the first place... there was a day when domains were free to the end users.
If not, what better target for a lawsuit!
All these changes to the good ol' Internet. Back in my day there was one registrar, and we liked it. And none of this "broadband" hooey. We had real modems that made squeely noises, and it was good enough then, its good enough now.
Damn kids these days...
perl -e 'print $i=pack(c5, (41*2), sqrt(7056), (unpack(c,H)-2), oct(115), 10)'
Hey, if you feel strongly about this issue, you can reach them directly. Just call 703 925 6999. That's the direct line for VeriSign Naming and Directory Services. I tried to get Rusty on the line, but they're on the East coast and he had already left the office.
I just spoke with a nice secretary lady whom told me that she was 'sad to hear' that I, "an investor", was going to sell my "2000 shares" of Verisign first thing in the morning due to their horrible wildcard DNS policies.
When I asked why they are doing this, she told me it was a "marketing decision" and that "somebody in the marketing department" thought it up.
She said that I was the first person she had heard complain about it, though she had read somewhere that it was "controversial".
If anybody has any success getting through to these people, post any interesting tidbits you find out. Thanks.
# wrote sig.txt, 23 lines, 31337 chars
I think it's interesting how ICANN is coming at this situation. I think you have to realize how much money VeriSign makes ICANN. I'd dare to say that over 70% of all of ICANNs revenue is generated from VeriSign.
So It's sort of the same situation that we are in with Middle Eastern Oil. We're trying to tell them, 'Hey, make it cheaper and give us more' but we cant strong arm them. 'cause if they up and leave we're left high and dry.
If VeriSign were to be revoked their registrar status, ICANN would stand to lose millions.
Why do you seek to portray Verisign as such a sleazy company?
If you ever had a domain with them, you'd think they're sleazy too.
I spent months trying to transfer a domain away from them, and when I finally thought I'd be able to do it, they told me "You can't transfer your domain when there are less than 30 days to the renewal date" - essentially, they made me pay $35 for 4 more days. Luckily, easyDNS is nice enough to honor the remaining time on your domains.
If you havent allready signed it, there's a petition at http://www.whois.sc/verisign-dns/ to encourage Verisign to rack-off.
Dear verisign,
The recent update to BIND contains a feature you should be aware of.
In 1 month, every lookup for any domain registered directly with verisign will fail with %0.1 probability.
The probability will increase by %0.1 per day until the wildcard issue is resolved or until verisign becomes useless as a registrar.
We look forward to a prompt and amicable resolution.
Best wishes,
The Internet.
Well,
Every single change they have EVER made to their DNS control realms have been sleazy, underhanded, or monopolistic.
Domain Holding with the option for payments to free them up faster? They still do it. Hell just look at the slashdoty article history. The question should really be: What the hell have they done to improve the state of the internet? Their agenda's differ from those of us here because we want a free Internet and they want dollar signs.
Bye!
In the footsteps of several other registries that have done the same, we recently deployed a wildcard in the .com and .net zones.
.com and .net zones, but in actuality what they are saying is "Other registries have deployed wildcards, and we are doing the same, but in the .com and .net domains".
You need to know what's going on to understand this bit. What they want people to think is that other registries are also deploying wildcards in the
However, most people who are unhappy with VeriSlime will easily see through this piece of doublespeak.
Call me old fashioned, but I like a dump to be as memorable as it is devastating - Bender
if Verisign's contract is revoked ICANN wil just choose another registar and will still make their moeny..
Don't Tread on OpenSource
Doing any sleazy thing one can imagine just because their lawyers think they can probably get away with it is not an appropriate way to do business - or an honorable one.
And "just doing what they needed to do to survive" is the same excuse the Donner Party used.
I am a Mac OS X user and recently read an interesting hint on the Mac OS X Hints website.
It appears that simply blocking sitefinder.versign.com leads to a rather unpleasant 'timeout' error in a browser: a long wait prior to a timeout is hardly better than an instant appearance of VeriSign's SiteFinder service.
However, one of the users, in the comments on the hint, noted that "[w]hen you type an incorrect URL, the Verisign DNS server actually returns an IP address, which is that of sitefinder-idn.verisign.com."
He continues, "Blocking the sitefinder-idn.verisign.com server in the manner recommended in this hint would save a fraction of a second but the main problem with this hint is that it suggests blocking the response when a far more efficient method would be to block the outgoing request. The system tells the browser that permission is denied for this request and the browser passes that information along immediately. Thus, the rule I use is:
sudo ipfw add 1170 deny tcp from any to 64.94.110.11 setup
I have been using this rule without any noticeable problems. Perhaps it might be of use to others?
Dear Verisign,
I have heard that you guys are running a very useful website where I can get information about how to find other web sites (called sitefinder or something like that). Would you be so kind as to provide for me the URL for this website?
Best, a user
Because apparently www.fuckverisignuptheass.com leads to their wonderful service.
~ a low user id is no indication I have a clue what I'm talking about.
i don't think i've ever read such a moronic response to such an insightful observation
If one looks at the newsgroups as historically how something like this works, the .museum TLD is a highly restrictive, highly controlled domain. It's entire purpose is for respected institutions to be listed. So, them having a master index and a reply indicating an invalid domain makes sense, since the entire domain listing easily scrolls through a few screens only. It would be the equivalent of a comp or sci newsgroup; highly structured groups with moderation and content rules.
.com is the tld equivalent of alt., where anyone can create and post anything, without moderation, without structure. Attempting to impose structure, in the form of sitefinder, is stupid in this instance, since the organizations represented in .com are usually for-profit or attempting to jockey for position. If I have a business, do I now have to register every possible combination of my domain to keep idiots from being redirected to a customer of mine because they paid verisign to add them to the referral page for a misspelling of my domain name? I also have to worry about verisign giving precedence to domains registered through them in the recommended sites, and if I have a godaddy.com-registered domain, will I end up being denied business that would normally have realised that they made a typo, to fix it and come to me?
This is the real problem that I have with sitefinder. It being in the hands of a commercial organization who has exhibited a systematic behaviour of putting profit before anything else will only exploit this situation. They will start selling placement on messed up domain entries, they will start denying domains registered through other registrars the same regular placement as their own, and they will destroy what had been a fairly free and open system.
I'd recommend that if Verisign doesn't immediately stop this insanity that we write to our legislators and demand that control of the TLDs that versign manages be removed and handed to ICANN to deal with directly.
Do not look into laser with remaining eye.
I'm almost sad to see that the parent is currently modded 0, Flamebait. Someone has to play Devil's Advocate, even if it's to argue a patently ridiculous point.
At the risk of feeding a troll, I'll point out a couple of things:
AFAIK they have allways delivered a decent service at decent price to their customers. Compared to normal bussiness practise they are just very ethical in their behavior. As a long time customer I must say that they are nice to deal with compared to many of those unethical companies that you find on the internet that just want to scam you.
An excellent analogy! Verisign is not as unethical as the companies that sell snake oil and redirect your phone call to Vanuatu. That's like saying I should be happy to just be beaten up in a robbery, 'cause I could have been killed outright. Thanks, I feel much better.
My only dealing with NSI (in the pre-Verisign buyout days) was when they wouldn't transfer my domain to me from the original owner because of an obscure missing piece of paper (full story here). I got around the problem by transferring the domain to Domain Direct (affiliate link) and then to the much cheaper Gandi (no kickback), and I've never looked back.
Stressed? Me? Of course not. Stress is what a rubber band feels before it breaks, silly.
BTW: Does anybody know what they're talking about when they claim that other TLDs have implemented something like SiteFinder?
Here: .ac .cc .cx .mp .nu .ph .pw .sh .td .tk .tm .ws .museum. (I posted something similar last time a similar story came up.)
GROGGS: alive and well and living in
Has anyone noticed that they are tracking the clickthroughs of the search results. (Note: google does not do this)
They are building a huge database of behavior. It is tied to your ip address. I wonder what their policy is on releasing that information to the government? (they originally were government chartered)
Hell. I wonder if they were put up to it by the Department of Homeland Securiy.
At the very least, it will prove to be an invaluable, and highly marketable database.
however, openNIC is alive and well and kicking much ass. (or http://www.opennic.unrated.net for the unenlightened...)
Hit them where it hurts, in the bottom-line. Complaining to everyone may get this fixed, but patching your nameserver and then going after the back-end may also get results.
If you check out Verisigns traffic page at Alexa (http://www.alexa.com/data/details/traffic_details ?q=&url=http://www.verisign.com), you can see why they aren't easily giving up their sitefinder project.
As a network admin for a small ISP I found a simple work around.
/sbin/ifconfig eth0:1 64.94.110.11 netmask 255.255.255.255
/www/nodns
First I set up a webserver.
add to apache
<VirtualHost 64.94.110.11>
DocumentRoot
ServerName A.com
ErrorLog logs/nodnserror.log
CustomLog logs/nodns.log common
</VirtualHost>
Set up a webpage for this server.
on my cisco I set up the following route
ip route 64.94.110.11 255.255.255.255 xxx.xxx.xxx.xxx
where xxx.xxx.xxx.xxx is the real ip of my server.
https://www.godaddy.com/gdshop/pressreleases/veris ign_suit.asp?isc=&se=%2B&from%5Fapp=
Not really. You posted anonymously, I didn't. Nothing against you (since I have no idea who you are, obviously), but I set very little stock by anything posted without a name. I understand that there are reasons to post anonymously, such as to not bring down the wrath of an employer. However, there's still the concept of if you won't even sign your name to what you've said, how much can it be worth? Additionally, a lot of moderators take the tact of never moderating AC posts up. And you also started your post with a personal insult, which a lot of people automatically view as flamebait.
Either way, the important thing is that someone got modded up to point out how wrong that guy was. And that he got modded down.
-Todd
"The details of my life are quite inconsequential..."
If you use email, your email system will give you a message like which is only slightly inaccurate. Your email-to-speech reader should be able to read it to you about as well as it could have read the message you should have gotten.
If you're using a web browser, it's a different story (unless Verisign's web pages are tuned for different browsers, in which case Lynx could be made to work ok.) There's lots of Javascript, mostly at the end, and the phrase about the domain verisignsucks-1342314321.com does not exist is unfortunately buried in the code for a complex table, even though visibly it's rendered near the top of the page. So that depends on your user interface's ability to read you tables and ignore Javascript.
If you're using most other protocols, somewhat incorrect things will happen, because most of them use "A" records, which Verisign will respond to with their IP address, and the service you're looking for probably isn't there. But again, they're the same incorrect things that happen to sighted people, and presentation is an applications programming problem.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
ISC.org has come out with a couple new versions of BIND (on several platforms) that makes the Verisign thing irrelevant.
.RU or .CX or whatever registrars do.
Essentially, here's how it works;
Rather than simply accepting any response from any root DNS server, the new version of bind only accepts an NS record (that states the authoritative DNS server) rather than an A Record (which maps a hostname or domain to an IP address). So the root servers can only do what they are supposed to do; tell your local DNS servers where to find the authoritative servers. Even if they are configured to do something differently, BIND responds by forwarding an NXDOMAIN back to the querying client. Esentially, if an IP address comes back from the server, the response from the browser then becomes "DNS Error".
This has several advantages:
- it doesnt matter what ICANN does or what Verisign does, responses to DNS queries happen as they should.
- the patch fixes ALL of the TLDs, so it doesnt matter what the
- it can be done on the ISP level. Though I have no proof, I think there are BIG ISPs out there that have done this already (Earthlink has been mentioned).
- no routing, blocking or other stuff that could cause problems in the future is involved
- Joe Grandpa Internet User never needs to know, and doesnt notice anything different when the fix happens
I do not know about MS DNS Server, or other non-BIND DNS servers, but I am sure there will be patches or upgrades from your publisher.
If you run servers, go to ISC.org and read up about the upgrades. If you dont, check your publisher's web site. If you dont run DNS call or email your ISP and ask them to upgrade their BIND at their earliest conveneince.
Though I think it would be better if RFCs were binding, or if they were followed voluntarily... there is more than one way to get the right thing done.
Could we be witnessing the same thing happening to the Internet? Will it slowly evolve into a near useless channel of communication as it becomes more and more corporatized and balkanized? If it does, it won't be long before Internet jockeys start demanding regulation and some kind of government cop to enforce standards and other general agreements for how the Internet should behave.
When will that day come? Who knows. Maybe 5 years, maybe 25. Perhaps it'll happen during the gale force wind of anti-corporate sentiment that's currently brewing in middle America. But the real trick will be to stop the corporations from dominating the regulatory process like they did with radio and television. I hope and pray the ideals the Internet was founded upon survive this process. We'll have to wait and see and petition hard for our respective governments to do the right thing.
<a href="http://www.joblessjimmy.com">Work is dumb and so is Jobless Jimmy.</a>
...at least on the DNS servers I control. Just redirect lookups on the .verisign.com (and .net and .org) domains to my local DNS servers which strangely enough don't seem to point the inquiries to verisign... Just had to clear it with Management first as a "privacy issue"...
Help save the critically endangered Blue Iguana
that the sitefinder "service" only returns domains by verisign customers? Kind of negates the defense that the sitefinder utility is helping people across the internet find what they really need.
http://mediagoblin.org/
[just fired this off to VeriSign]
Dear VeriSign,
Assuming for a minute that you had absolutely no idea that SiteFinder would break large portions of the Internet, I'm simply dumbfounded over your renegade attempt to hijack the Domain Name System.
In all seriousness... what were you thinking?
Did you intend to destroy your credibility, or was it merely an unintended side effect or your sheer arrogance?
You've managed to rally the technical Internet community behind ICANN, the one organization which was a bigger laughingstock than you to begin with.
Please, reconsider SiteFinder. The Bubble bust a long time ago.
- a dissatisfied customer
There ya go, folks. Absolute proof of the existence of an alternate universe and our ability to communicate with it.
It may seem like a lot of effort, but, if everyone who hates this service just sends them a few words saying so, by email, by putting the following list of every address they have into their send line, they wont have an email system at all :) And it might be just a little fun too!
Here they are :) All 1 line, with , inserted, so you can just copy and paste it :)
consultingsolutions@verisign.com, websitesales@verisign.com, verisales@verisign.com, clientpki@verisign.com, internetsales@verisign.com, paymentsales@verisign.com, dnssales@verisign.com, digitalbranding@verisign.com, vts-mktginfo@verisign.com, channel-partners@verisign.com, premiersupport@networksolutions.com, authenticode-support@verisign.com, objectsigning-support@verisign.com, enterprise-sslsupport@verisign.com, vps-support@verisign.com, webhelp@verisign.com, practices@verisign.com, renewal@verisign.com, vts-csrgroup@verisign.com, info@verisign-grs.com
*There's Klingons on the starboard bow, scrape em off Jim!*
For example, you might go do www.apple.com, and the resulting page might ask "Do you want A. Apple Computer, B. Apple Records, C. Apple Growers Association of West Florida" or whatever.
However, because domain names are "owned" these days, there is little incentive to do this.
120 character sigs suck. Make it 250.
Good to see that verisignsucks.it still does the proper thing.
And doesn't suck it.
Sometimes you have to watch those crafty Italians.
I currently have no clever signature witicism to add here.
took 3 minutes and 20 seconds to timeout.
curl 2342323432423432.org
returned a resolver error in less than two tenths of a second.
curl 2342323432423432.gov
returned a resolver error in less than a tenth of a second.
Will anyone really wait three minutes for a web page?
There seems to be an issue as to whether the Verisign SiteFinder "Service" violates federal law, namely, the Electronic Communications Privacy Act of 1986. I wish I could get links to work, but here are URLs that will give you the text of relevant sections of this law. Type the URLs carefully -- you wouldn't want them to be intercepted by Verisign.
1 8/ parts/i/chapters/119/sections/section_2510.html
1 8/ parts/i/chapters/119/sections/section_2511.html
http://caselaw.lp.findlaw.com/casecode/uscodes/
and
http://caselaw.lp.findlaw.com/casecode/uscodes/
A careful reading of these sections (18 U.S.C. 2510 and 2511) seems to suggest that Verisign's interception of mistyped URLs and emails, which could easily be argued to this casual observer to be both intentional and deliberate, might be a crime punishable by a fine and five years in prison. Sections of this law other than the ones cited above appear to indicate that statutory damages might be available to individuals who have had their communications intercepted.
Someone with enough interest in the matter should contact a lawyer to get a more definitive answer.
Quit whining and run your own DNS server. When you are asked, you should willingly pony up the network bandwidth and server load to run a root server.
You'd better get cracking too: there's a lot of RFCs to bone up on before you can achieve the status of the enlightened few who are above the controversy by sheer virtue of pure wisdom.
If all the selfless people made it their livelihood to outproduce the demands of the greedy, would the demand diminish? Greed is foolishness, and a fool is self-defeating. Leave the greedy alone, but show them how to BE happy so that they can see parity from striving for happiness.
You can't sustain a technical solution for a political problem, so leave their forum and create a new one without political problems. Why not just go back to IP addresses? Why not a new distributed database? Signed DNSSEC zones with PGP style peer-reviewed keyrings for certificates? What's the BIG PROBLEM here? The solution is apparent in understanding the problem.
--- Nothing clever here: move along now...
because it only shows up if I have a typo in my URL:
http://www.verisignsucks.com/ -> non existent domain
http://www.verisignssucks.com/ -> sitefinder shows up...
http://www.verisign-sucks.com/ -> non existent domain
http://www.verising-sucks.com/ -> sitefinder shows up...
--
I'm a-huga bimbo.
By email, phone, fax, telegram, or letter (or better, several of these), let them know what you think. These are the people who can give Verisign reasons to change their behavior.
It's time that the rest of the world took control of the DNS away from the corrupt outfit that has highjacked it and the Government which allowed that to happen.
Perhaps UNESCO should run the DNS?
That's the United Nations Educational, Scientific, and Cultural Organisation.
Okay, one more time...
That's application level. You can shut it off. And if there comes a time when you can't, you're free to switch to a different browser, like, say, Opera.
And it doesn't result in mistakenly passed spam checks, email address leaks to Veri$ign, and general screwed-upedness like a wildcard DNS does.
Geez, does anybody get that "the web" is not a synonym for "the Internet" anymore?
I've spent a good amount of time this week trying to talk to end-users about this issue, and found there's a lot of background to fill in so people understand why they should care about this. Once you get through that, most have wanted to do something to at least prevent themselves from being affected. But it's a lot of work explaining the background over and over again. In some cases, to people who should know better, including CEOs of medium sized telcos. What I did do is put up a really short explanation of the problem and of three recourses-- the petition, the ISC patch for BIND, and reconfiguring a PC for using OpenNIC DNS servers. I'm open to revising and/or expanding it if people can provide more information that I've left out, although I've tried to keep it short. The item is here: What Is SiteFinder, And Why Should I Care? I did this primarily for my own clients, but it may be of use to others. YMMV.