Slashdot Mirror
VeriSign Responds To ICANN's SiteFinder Advisory
dmehus writes "VeriSign's Naming and Directory Services division has written to ICANN President and CEO Paul Twomey regarding the recent advisory concerning VeriSign's DNS wildcard redirection service. In the letter, VeriSign's Rusty Lewis says that they are open to independent and objective technical concerns expressed by various Internet bodies; they have formed their own "independent" panel of industry leading experts to produce its own, separate report; and they will not voluntarily suspend SiteFinder. It's a very terse response, and frankly, I'd have expected more from them. Slashdot readers are encouraged to visit ICANNWatch for in-depth, expert discussion on this and other issues."
From the letter to ICANN:
As to your call for us to suspend the service, I would respectfully suggest that it would be premature to decide on any course of action until we first have had an opportunity to collect and review the available data.
Well, I think that the world would have appreciated the same level of consideration before the system was ever even implemented in the first place.
In case you are not a doubleplusgood duckspeaker, here is a helpful translation of Verisign's letter to ICANN.
.com and .net zones.
Dear Paul:
Translation: Dear meddlesome twit:
This will respond to the ICANN Advisory concerning VeriSign's Deployment of DNS Wildcard Service dated 19 September 2003.
We're about to tell you where you can stick your "advisory".
In the footsteps of several other registries that have done the same, we recently deployed a wildcard in the
Verisign has no problem being just as sleazy and underhanded as any of our competitors.
This was done after many months of testing and analysis and in compliance with all applicable technical standards.
Marketing sees dollar signs, and legal says we can get away with it.
All indications are that users, important members of the internet community we all serve, are benefiting from the improved web navigation offered by Site Finder.
None of the lusers who installed "The Internet" on their computers has a clue that we've even done anything.
These results are consistent with the findings from the extensive research we performed.
They are, however, clicking the pretty buttons, just like we hoped they would.
We are, of course, very interested in any objective technical information ICANN may have received concerning the service and would welcome the opportunity to work with you to review such data. To that end, we have reached out to schedule meetings... of leading experts in the field.
Let's have a meeting. Then another. Then another. Then, we'll codify the new de facto "standard".
As to your call for us to suspend the service, I would respectfully suggest that it would be premature to decide on any course of action until we first have had an opportunity to collect and review the available data.
We're going to get our way, because we can, and there's nothing you can do about it. Weenie.
After completing an assessment of any operational impact of our wildcard implementation, we will take any appropriate steps necessary.
And if we don't get our way, we'll pay off anyone we need to.
I look forward to continuing to work with you on this issue.
Kiss our ass.
Best Regards,
See you in Hell,
Russell Lewis
Executive Vice President, General Manager
VeriSign Naming and Directory Services
Stressed? Me? Of course not. Stress is what a rubber band feels before it breaks, silly.
I think it's time for ICANN to look for someone else to run the NET and COM TLDs. Not only are they unwilling to suspend SiteFinder after an enormous public outcry and a direct request from ICANN, but they didn't even bother telling anyone they were going to do this in the first place ahead of time. This is absolutely terrible, and I hope ICANN finds someone else to manage these TLDs
We'll know if these "negotiations" fall apart if "www.icannwatch.org" suddenly displays SiteFinder.
I watched C-beams glitter in the dark near the Tannhauser gate.
Which ones?
.ws, for one: try this. I think many other countries' 2-letter codes do the same, especially if the country has sold their national online identity for cold, hard cash.
dot
Stressed? Me? Of course not. Stress is what a rubber band feels before it breaks, silly.
of SiteFinder is the fact that non-English speakers no longer receive an error message in their own language, but are confounded with some bizarre English language site which certainly wasn't where they were trying to get to.
...that enough of a ruckus will be kicked up over this that someone will have the following bright idea:
.net, .com., and .org. Everyone's screwed. So much for the free, cooperative, works-of-our-own-free-will Internet. Thanks, Verisign.
Let's make this illegal!
Voila. Government steps in to take over
"A great democracy must be progressive or it will soon cease to be a great democracy." --Theodore Roosevelt
Here is something interesting: Check out the Terms of Service:
http://sitefinder.verisign.com/terms.jsp
Is there anyway I can turn this service off? I disagree with the terms.
Ted
Fantasy remains a human right; we make in our measure and in our derivative mode... -- JRR Tolkien
Dear Paul
After the extensive research of how IE directs bad names to MSN Search, we decided that we couldn't let the bastards at MS be only ones that makes money off of poor saps who can't type their URLs right.
We really don't give a rat's ass about what ICANN thinks but just to shut your whiney mouth off, I hires a review panel of leading experts in the field. They include Linux code reviewers from SCO, the guy who thought of domain parking for Register.COM, and the guy who invented One-Click shopping.
As to your call for us to suspend the service, I'd like to politely say "go fuck yourself" with the upmost respect ICANN's Chairman, Vint Cerf, and ICANN's Security and Stability Advisory Committee, Steve Crocker. Crocker, now that's a funny name, just like ICANN.
If you send any more letters, I will personally wipe my ass with it.
Go to hell,
Russell Lewis
Executive Vice President, General Manager
All Your Typos Are Belong To Us, Inc.
1f u c4n r34d th1s u r34lly n33d t0 g37 l41d
If your domain registration site is using a DNS lookup to check if a domain is registered, it is a very poor domain registration site. There is no guarantee that if a domain is registered, there are nameserver records for it anywhere except the gTLD root nameservers.
Registrars should be using the SRS system provided by VeriSign Naming and Directory Services to check if a domain is registered. This is the same system that they use to register domains with the registry (run by VNDS). This system can and does provide a definite yes or no as to whether a domain may be registered.
Love VeriSign or hate it, but get your facts straight.
"The details of my life are quite inconsequential..."
Why do you seek to portray Verisign as such a sleazy company?
Because they are and always have been.
Besides using the fact that they run the root servers to hijack all unused addresses, in the past they've sent misleading correspondance to domain name owners to get them to switch registrars to verisign when all they want to do is renew.
It was Network Solutions (a company that was absorbed by Verisign) that created the concept of paying for domain names in the first place... there was a day when domains were free to the end users.
If not, what better target for a lawsuit!
Hey, if you feel strongly about this issue, you can reach them directly. Just call 703 925 6999. That's the direct line for VeriSign Naming and Directory Services. I tried to get Rusty on the line, but they're on the East coast and he had already left the office.
I just spoke with a nice secretary lady whom told me that she was 'sad to hear' that I, "an investor", was going to sell my "2000 shares" of Verisign first thing in the morning due to their horrible wildcard DNS policies.
When I asked why they are doing this, she told me it was a "marketing decision" and that "somebody in the marketing department" thought it up.
She said that I was the first person she had heard complain about it, though she had read somewhere that it was "controversial".
If anybody has any success getting through to these people, post any interesting tidbits you find out. Thanks.
# wrote sig.txt, 23 lines, 31337 chars
I think it's interesting how ICANN is coming at this situation. I think you have to realize how much money VeriSign makes ICANN. I'd dare to say that over 70% of all of ICANNs revenue is generated from VeriSign.
So It's sort of the same situation that we are in with Middle Eastern Oil. We're trying to tell them, 'Hey, make it cheaper and give us more' but we cant strong arm them. 'cause if they up and leave we're left high and dry.
If VeriSign were to be revoked their registrar status, ICANN would stand to lose millions.
Why do you seek to portray Verisign as such a sleazy company?
If you ever had a domain with them, you'd think they're sleazy too.
I spent months trying to transfer a domain away from them, and when I finally thought I'd be able to do it, they told me "You can't transfer your domain when there are less than 30 days to the renewal date" - essentially, they made me pay $35 for 4 more days. Luckily, easyDNS is nice enough to honor the remaining time on your domains.
If you havent allready signed it, there's a petition at http://www.whois.sc/verisign-dns/ to encourage Verisign to rack-off.
I am a Mac OS X user and recently read an interesting hint on the Mac OS X Hints website.
It appears that simply blocking sitefinder.versign.com leads to a rather unpleasant 'timeout' error in a browser: a long wait prior to a timeout is hardly better than an instant appearance of VeriSign's SiteFinder service.
However, one of the users, in the comments on the hint, noted that "[w]hen you type an incorrect URL, the Verisign DNS server actually returns an IP address, which is that of sitefinder-idn.verisign.com."
He continues, "Blocking the sitefinder-idn.verisign.com server in the manner recommended in this hint would save a fraction of a second but the main problem with this hint is that it suggests blocking the response when a far more efficient method would be to block the outgoing request. The system tells the browser that permission is denied for this request and the browser passes that information along immediately. Thus, the rule I use is:
sudo ipfw add 1170 deny tcp from any to 64.94.110.11 setup
I have been using this rule without any noticeable problems. Perhaps it might be of use to others?
ICANN can revoke their authorization last I heard. They are pretty much push-overs for corporations so I don't see any top down remedies to this blatent miss-representation of their powers.
On second thought, here is my idea: Have Verisign pay ICANN for every bogus returned DNS request, since technically Verisign has registered billions of domains, I'd say that ICANN is entitled to a mightly large chunk of Verisign revenues. More than the service is worth? One can only hope.
Bye!
If one looks at the newsgroups as historically how something like this works, the .museum TLD is a highly restrictive, highly controlled domain. It's entire purpose is for respected institutions to be listed. So, them having a master index and a reply indicating an invalid domain makes sense, since the entire domain listing easily scrolls through a few screens only. It would be the equivalent of a comp or sci newsgroup; highly structured groups with moderation and content rules.
.com is the tld equivalent of alt., where anyone can create and post anything, without moderation, without structure. Attempting to impose structure, in the form of sitefinder, is stupid in this instance, since the organizations represented in .com are usually for-profit or attempting to jockey for position. If I have a business, do I now have to register every possible combination of my domain to keep idiots from being redirected to a customer of mine because they paid verisign to add them to the referral page for a misspelling of my domain name? I also have to worry about verisign giving precedence to domains registered through them in the recommended sites, and if I have a godaddy.com-registered domain, will I end up being denied business that would normally have realised that they made a typo, to fix it and come to me?
This is the real problem that I have with sitefinder. It being in the hands of a commercial organization who has exhibited a systematic behaviour of putting profit before anything else will only exploit this situation. They will start selling placement on messed up domain entries, they will start denying domains registered through other registrars the same regular placement as their own, and they will destroy what had been a fairly free and open system.
I'd recommend that if Verisign doesn't immediately stop this insanity that we write to our legislators and demand that control of the TLDs that versign manages be removed and handed to ICANN to deal with directly.
Do not look into laser with remaining eye.