Slashdot Mirror
ICANN Gives VeriSign 36 Hours to Pull Sitefinder
Froomkin writes "ICANN this morning announced that it sent VeriSign an ultimatum: pull sitefinder by tomorrow evening or we'll sue. Details and links to discussion of the contractual and legal issues in ICANN Throws Down the Gauntlet to VeriSign on Sitefinder at ICANNWatch." Update: 10/03 19:29 GMT by M : Verisign blinked.
I think ICANN should basically tell VeriSign, "If you pull this crap again you're through." VeriSign doesn't deserve to be in the position they are in, IMO. This pretty much proves it.
Do you ever visit a domain with .com or .net TLD? If so then you use Verisign yourself. You're relying on the root DNS servers that they manage.
So, basically, if I read this right
ICANN doesn't per se have a problem with the Sitefinder service, but rather, the manner in which VeriSign implemented it?
Ugh.
So basically, they're asking VeriSign to stop until they can take a look at it, give it a green light, and rubber-stamp it
Neither. Rather, think of it like two gangs fighting over territory, in this case, control of DNS.
-WolfWithoutAClause
"Gravity is only a theory, not a fact!"I do, because when I signed up it was 'Network Solutions' and back then it was a breeze doing business with that company. Now, though, is a different story. I get spammed by them, I get the run-around if I want to tranfer my domain name, and I now have a horrible customer web interface I *have* to use since calling them on the phone gives me an unintelligent and impatient customer service. I can't risk losing the domain name because of some bureaucratic "limbo" caused by Verisign's inability to do their job. I get to try to transfer my domain to another registrar this december. Let's hope I get lucky and it happens smoothly.
Do I use them? Yes, unfortunately I do at the moment.
As much as I want them to stop, this response makes a lot of sense, unfortunately: "So the key question now is, 'what will Verisign do?'... My gut reaction is to guess that they're not going to comply. Why should they? They're making mumble-mumble dollars per day on this 'feature,' which is multiples of what it will cost them to fight ICANN's demand, even if it goes to court. Every day that they drag it out is money in the bank... I predict that Verisign will very politely decline ICANN's "request," and state that the issue requires more study before coming to a conclusion. Much like any controversial aspect of ICANN's operation needs 'more study' before moving forward. It's worked in the past; I suspect it'll work now."
Dear Slashdot: next time you want to mess with the site, add a rich-text editor for comments.
Verisign received trusteeship of the COM and NET TLDs by ICANN, the government and the rest of the Internet standards bodies. They are free to promote the domains but are obligated to act in a neutral fashion and keep the DNS running. They are required to act as a neutral third-party with regard to providing a network service much in the same way it did when DNS was run as a government funded, non-profit organization (InterNIC).
ICANN's pissed and rightly so. The average Internet user has no idea how the net really works with regard to DNS. To them, www.google.com is the Internet. To the techies, we know the names are just thin veneers over the IP addresses that really control and make things happen. Until this affects the average user, only the geeks and techies of the world will care about this.
Verisign has gone and broken THE CORE PROTOCOL of what makes the Internet work! Without DNS, we would have to use and memorize IP addresses. DNS is supposed to work by returned an answer as to whether or not a name is mapped to an IP address and provide that address.
By building SiteFinder, they have waived their right as a neutral third party and are now trying to co-opt the largest domain registries in the world for their own personal profit and use. In doing so, they have also broken the software contract between DNS and its users. They've changed the interface that people expect to work a certain and broken or severely damaged the functionality of software around the world. When mail servers can't figure out if an e-mail is forged or not, it's only going to be a matter of time before the spammers clue in and increase bandwidth usage across the board until things change.
What Verisign fails to acknowledge is that registry is not theirs to do that with. It was paid for by taxpayer dollars and grants over many years from countless communities and can be considered a public utility. There cannot be preferential treatment in this. Or they can claim that the COM/NET TLDs are their intellectual property and they can do with it as they please. They want to do that? Fine, they can push for a new TLD to be added to the hierarchy for private use which they can manage. Turn over COM/NET to a neutral non-profit and let them run it as a public trust.
Yeah, well a lot of mail software relies on that, and one of the worst things about this is that Verisign is actually receiving a lot of mail that wasn't for them in the first place; they get to read, analyse and keep and it never, ever arrives where it was intended and doesn't bounce either.
-WolfWithoutAClause
"Gravity is only a theory, not a fact!"Network solutions shouldn't have been allowed to get into any business besides selling domain names and providing DNS. Anything else (like selling ads on their sitefinder) and there is a risk they will do something to DNS to promote their other products rather than improve usability (as they did). They shouldn't even be allowed to send unlimited e-mails to domain name owners.
TLD registrars and DNS providers should be small companies, run by people who are content to do a job and make a small profit, but not have unlimited freedom/growth potential of a private company that doesn't provide any exclusive service to the public.
I hope ICANN moves in that direction right away and not even bother with separate lawsuits for various small points.
ICANN shouldn't have to sue anyone over a technical aspect of the Internet. They should have the tools to simply tell Verisign to do it and have it done quickly.
/.ers have pointed out, they can just instruct the root servers to route around the damage.
They are not suing. They are, in fact, leveraging their contract - their tool - and telling verisign to get it done and have it done quickly. Specifically, 36 hours. The thing about the business world is that if they didn't make sure that they were on strong grounds, if they demanded the service be taken down and then got sued, then they'd be indemnable for whatever money verisign made up that they lost on absent sitefinder service.
ICANN is doing the right thing, in fact the very thing that we're angry that VeriSign didn't do: they're checking that their actions are correct before undertaking them. ICANN has a responsibility to be proper and careful, rather than just running around swinging its arms like a bully (which some would say that it has done in the past.)
Look, you can't please everybody: if you do it fast people will say you didn't plan, and if you plan people will say you didn't do it fast enough. Don't you think it best that they do this in the way that's most difficult for VeriSign to prevent?
It's difficult to be the good guy.
And they should also have the means to simply cut Verisign out of the loop
As has been pointed out, they have implied that they will do just that in about 36 hours if their demands aren't met. As other
(Of course, nobody seems to be pointing out that there's going to be the demand for some tremendous bandwidth and heavy servers pretty on-the-spot if they choose to do that. I find myself wondering which company will attempt to step up to the bat and steal the gold ring, if VeriSign fucks this up.)
StoneCypher is Full of BS
That's the trouble with protocols... once they're set good luck ever getting rid of them.
The $64,000 question is, can the domain not found response be modified at all without breaking the protocol? For instance, to have older programs recognize the error, but next generation programs (web browsers mainly) be able to return useful information like possible alternatives? This would allow for smarter, more functional programs without breaking legacy apps.
---If you can't trust a nerd, who can you trust?
They already kind of do this, trying different combinations of appending .com, prepending www., and that could be expanded into a wider search. Invalid domains can be turned into search terms.
This is a UI issue, not a protocol issue. It can best solved in the UI, i.e., in the browser. And the browsers, while not always acting in good faith, have done exactly this.
You mean like how Mozilla -used to- do a google search for me if the domain didn't exist?
That's something I specifically wanted, and configured Mozilla to do. Google is rather good at guessing what I wanted when I mistype stuff.
And it's a feature that VeriSlime have now broken for me. Sitefinder is almost completely useless at guessing my typos, and the only way to get the old behaviour back is patching DNS to return NXDOMAIN like it used to.
Many ISP's in New Zealand are already running a patched DNS that ignores VeriSlime. My current ISP is one of them, but I still keep seeing sitefinder in places like the ODP editor.
Hell, that brings up another point. The ODP editor interface has various tools for checking that sites still exist, so that editors don't have to go through the tedious task of checking them all periodically. Guess how SiteSquatter affects those tools?
455fe10422ca29c4933f95052b792ab2