Slashdot Mirror
Verisign to run National RFID Directory
JamesD_UK writes "Verisign has been given the contract to develop a national RFID directory by EPCGlobal. Under the directory scheme each company will maintain an Object Name Service analogous to DNS with Verisign running the root server. Verisign has already setup the infrastructure at six different global sites."
PeopleFinder is on it's way then :)
'The person you are trying to find does not exist. Did you mean....'
you get a nice Verisign advertisement.
Does it defualt to telling you that it's a McCheeseBurger when it can't find the item you were looking for in the database?
Beep beep.
Munchkin VeriSign's Brendsel is surely going to lead us up the yellow brick road.
Did anyone else run into trouble with Verisign using Microsoft's code signing last week? A bunch of Verisign's certs expired, which shouldn't have mattered if you were using the API correctly, but WinVerifyTrust() was blocking for minutes at a time. (I'm not sure why the certs belong to Verisign and not MS)
The CryptoAPI mailing list was claiming that "verisign was running slow".
Anyhow, if its true, I don't trust Verisign for to provide infrastructure for squat.
So, when you need to change something, or fix an error with your registered RFID tag, you can attempt to make the change via their web interface, then wait a week and a day, or you can call in and fax in the form and have someone never get anything done with it, too?? Then, right in the middle of it all, they'll switch out how things are done and you'll have to conform to their backward standards..
= Grow a brain...
now verisign has the ability to erase me.
Please remember me when I'm gone...
Jason Faulkner
Old Os Administrator
jason@oldos.org
oldos.
The ./ community has released an update to patch this "issue."
Simply wear the provided tinfoil hat to nullroute this new service.
Just wait until the implement wildcard RFID als site seeker and start charging $70 a year to renew a tag. It wouldn't surprise me a bit
Rus
CPanel + Root from $35/mo - 10% off with discount code SLASHDOT
More standards, new methods... and what about embedded systems... surely this will not be compliant with old systems in 5 years time... You will need Windows 2006 to be able to use this. Just seems like the web is getting more and more bureaucratic, not good... America: where liberty is a statue and patriotism is trusting the government.
America: where liberty is a statue and patriotism is trusting the government.
Hillary is a goddess. I want her to make me lick her boots, I want her to whip my ass raw and fuck me savagely in the ass with a strap-on dildo while abusing me verbally.
And if she would let me to serve her orally all night long, I'd die as a happy man.
Found it very odd that they didn't mention UPC even once in the article. Wouldn't it make sense to have support for UPC while EPC is phased in over time?
Having a bookmark to Google does not make you an expert on everything.
It seems that this is just a slightly different implementation of an old idea. The only really interesting thing is that they are searching for RFIDs using the same redundancy as DNS.
What are the similarities between CueCat and the EPC Directory project? It seems to me that the only difference is the scale of the implementation.
Is that accurate?
------- "One of the joys of travel is visiting new towns and meeting new people." -- G. KHAN
Mabbe it's juz me....but I am extremely uncomfortable of them running both the RFID database, and the DNS database. Too much control by one company.....I would prefer it's runned by a non-profit org. But I don't really like the idea of RFID in the first place.
For at least two reasons, choosing Verisign for this project is as bad a choice as picking SCO to safeguard free/open-source software -- a direct analogy, not just because SCO is flavor of the month.
Not only do they lack the technical competence to do it properly and flexibly, but they also lack the professional integrity to be doing this work. It is a company that rejoices in its commercially-led myopia, at every opportunity making the "wrong" decisions on the basis of perceived market benefits to itself alone.
This is going to end in tears.
What? The RFIDs?
I can't think of anyone I'd trust more...
</sarcasm>
Seriously, it's a wonder anyone trusts them with anything anymore, especially with the way they've abused their position as DNS registrar and TLD maintainer. I certainly don't. They'll have to do a complete 180 for an extended period of time (many years) to ever get my business again.
Use 'slashdot stuff' in the subject line in any email you send me if you want to get past the spam filter.
I don't like RFID to start with, but being that verisign is involved I can't help but feel uneasy. It seems to me as if I should be looking to find a way to convert verisign's name to 666 via some mathematical equation or something. Given the way they have delt with domain registration, this can't be good.
Sounds like a great job for a company we can trust.
Electronic Music Made Using Linux http://soundcloud.com/polyp
But we should have an open, public, maintainable database which is -not- under the exclusive domain of Verisign for these things.
I can think of plenty of private uses of RFID which I would not want Verisign to be involved in, in the slightest.
; -- the corruption of government starts with its secrets. a truly free people keep no secrets. --
As anyone who has had to deal with Verisign knows, this is bad news.
As a (news)host you should be careful what you say in public. Inciting racial hatred and promoting stereotypes is just bad. That's why EU has nazi-parties and nazi-talk banned in the first place.
While I believe BBC is wrong to suspend Kilroy-Silk, I can definately understand the resons behind them being so heavy-handed.
The critism they have recieved from their involvement in the Dr.David Kelly fiasco would surely make any national organisation take Political Correctness very seriously indeed!
Kilroy-Silk made a mistake. His original article was misleading and he has appologised for that. I am sure we will see him back in the Beeb soon enough.
PHP
You've got a long, lonely life ahead of you when you grow up. Most women don't like S&M and only of a fraction of those like to dominate.
all in one story is not quite enough for a flamewar. If they were running this new service on SCO licensed servers donated by Microsoft in order to find oil on Mars, THEN you would have a story.
----
Squirrel
Given the fact that this sounds like a directory in X.500 or LDAP format, which are both extremely vulnerable to ASN.1 vulnerabilities, hackers will have a field day exploiting this directory.
:-)
Also, since ASN. is very non-trivial to program, it will be interesting to see how many programmers will be able to use this succesfully... i am referring to the ASP.NET generation
Imagine the outburst on here if FBI was to run directory!
Tsunami -- You can't bring a good wave down!
Is anyone actually surprised by this? I was just as shocked when Oracle's Larry Ellison said that he would help set up the National I.D. card database. These companies are just profiting from stealing away what little chunks of our privacy we have left, after congress and the government have taken their share. I guess that in this economy they will do anything to survive. Sad.
</conspiracy theories>
I hate sigs.
I have to say that they've proven that they're a good choice for this. Keep in mind what the #1 priority is for maintaining TLDs, particularly the big ones (.com, .net, .org) that Network Solutions/VeriSign handled for most of their lives. VeriSign's idiocy and abuse with regards to non-existent domain handling and misleading 'renewal' notices are despicable for sure, but while all that was going on, they also kept things up and running quite well, even weathering out the largest DDoS on record without going down.
For your security, this post has been encrypted with ROT-13, twice.
Just think what fun you could have with cache poisoning.
and how do I become a member?
There are places where the networks are not touching,and there are places where they are-Boeing's Lori Gunter
If verisign is running this, does that mean that at any given point my RFID enabled electric razor will start going really, really, slow?
tinfoilmedia
Cool, does this mean that when their intermediate root RFID numbers expire, we get free stuff? Or does it just mean that the cash register will pop up error messages when they try to verify my purchases?
Cole's Law: Thinly sliced cabbage
The company that thought trying to swindle *everyone* who didn't know the market price of domain registration by sending out pseudo-bills is the company that the Gov'mint thinks is worthy of keeping tabs on, well, on everything?
Okay, I got it.
I understand the future: no company will be entrusted with sensitive, and potentially vital security work unless they combine incompetence with malfeasance.
Lovely...
To mail me, remove the 'mailno' from my email addy.
"Yeah. It smells, too..."
Indeed. My exgirlfriend never liked it when I pissed in her face when she was tied up. Even though she asked for it.
I'd like to think that that's why she went off with another guy, but then last I heard he beats her up and stuff, which sucks. Ah well.
National RFID Directory. What is it all about... is it good, or is it whack?
That's what bigots try and plam it off as when they are exposed.
K-S said "all Arabs are suicide bombers and limb amputators" in a National Newspaper. All Arabs, not 'a few arabs'. And he hasn't apologised for saying that at all, he said "it's been quoted out of context" and then tried to blame "political correctness" on people being upset that he should host a national chat show dealing with issues such as bullying and racism.
I find it amusing that it was printed by mistake, it's a reprint of an article published *during the gulf war*, which to my mind, makes it *even more* inflammatory.
The guy is also a former MP. The sooner he's out of a job, the better.
There are places where the networks are not touching,and there are places where they are-Boeing's Lori Gunter
The BBC's Coat of Arms bears the slogan
NATION SHALL SPEAK PEACE UNTO NATION.
Which is perfectly in line with their decision to suspend (and hopefully fire) Kilroy-Silk.
There are places where the networks are not touching,and there are places where they are-Boeing's Lori Gunter
Wow, cool it's like you've replaced every occurence of the word "Silence" with the word "Skynet". Man that's so deep, it's like a total re-interpretation of like...everything, Wow !!!!!!!
What kind of peace do we seek?
Not a Pax Americana enforced on the world by American weapons of war.
Not the peace of the grave or the security of the slave.
I am talking about genuine peace, the kind of peace that makes life on earth worth living, the kind that enables men and nations to grow and to hope and to build a better life for their children--not merely peace for Americans but peace for all men and women--not merely peace in our time but peace for all time.
We put the 'F' in RFID...
Think of the possibilities!!!!
In short, the data that we carry with us via RFID will precede our every action in society.
Imagine having BLOGS based on RFID's. "I dated a guy named Joe with an RFID tag of XYZ and he's a real loser/winner".
Makes Minority Report and Gattica seem pretty likely in our lifetimes.
If I microwave my clothes, will it destroy the RFID's???
Oh noooooooo! ouch ouch, hehe hehe, ooooooaauughhh.
I am Cornholio I need TP for my BUNGHOLE!!! hehe hehe
Any credit for this idea has to go to George Orwell. Who would've guessed that he was just 20 years too early on his prediction?
I remember reading 1984 in 1983 and thinking, "Well, thank God that could never happen." I don't think it's funny anymore. Somebody stop the madness.
tims
"Ahhhh, best laid plans of mice and men... and Cookie Monster." -- Cookie Monster, Sesame Street
I imagine that stores would already know what rfid's they had in inventory. So, it's not clear why they would need a EPC root server or who actually would be using this service. I'm more worried about the stores forgetting what they have in inventory vs. what they sold, given how good companies are at correctly maintaining databases and backing them up. Could make for some interesting store exit scenes. Make sure that you have all your receipts for everything that you are wearing.
Please write to Jack Grasso, Director of Public Relations, at mailto:jgrasso@uc-council.org.
.COM and .NET "Top-Level Domains" to bring web surfers that made a typo in a URL to a VeriSign-owned search engine, which sold advertising to other companies and promoted specific search results based upon their paid advertisers. In the process, the technological changes they made to do this caused the malfunction of millions of programs, primarily many anti-SPAM utilities.
1 2&mode=thread&tid=158&tid=99
My letter is below:
(hpoe my facts are mostly accurate)
Good morning Mr. Grasso -
I am writing this morning to express my extreme dismay at the selection of VeriSign to run this RFID registry. As a professional in the technology field, I have dealt with VeriSign on many occasions, and have decided that I never will again, if at all possible. VeriSign has a history of putting the company first before all else, including privacy, not a great attribute for someone who will organize a system to track millions of things and people.
VeriSign has engaged in deceptive business practices, for example the "fake" invoices they sent out to clients of competing registrars, giving the false impression that the client had to pay VeriSign in order to renew their domain (VeriSign lost many lawsuits over this deceptive practice, and the FTC even got involved).
VeriSign most recently used the monopoly position on maintaining the
In all these cases, VeriSign acted greedily to further the company's aims over what's good for the people who must use the services that VeriSign administers. Their track record of deception and the world-renowned sluggishness with which their company operates should be a red flag for anyone who understands the types of technology involved and the effects that VeriSign's moves has had on the Internet.
Please consider some additional viewpoints. There is a website known as SlashDot, located at http://slashdot.org, which has one of the largest user bases of any web site. Most of the users are tech workers, and the discussions on SlashDot are some of the most intelligent discussions I have ever read. A discussion on your organization's decision is in progress right now. Please read it at http://slashdot.org/article.pl?sid=04/01/13/12572
And please pass along to your management the unhappiness this move has brought to the vast majority of the people who actually understand what your technology does, what it is capable of, and the ways it can be abused.
Thank you for your time.
-- You can't drink all day. (Unless you start in the morning...)
Verisign is considering a name change to 'Skynet'.
At least I didn't post the same old lame skynet quote from t1.
Your last statement is so true. Thank you for enlightening my day!
Rumor has it that Verisign is just a front for the NSA, so that they can have backdoors to our encryption.
Hmm... Guess I don't have to worry about RFID anymore...
and the discussions on SlashDot are some of the most intelligent discussions I have ever read
Q.E.D.
The "Verisign Plans DNS Changes" story now begins to make a bit more sense now. Especially when one considers tying RFID and DNS together.
...so many 'technical people', so little real understanding. To the peeps who think RFID is 1984 "20 yrs late" - you are soo joking, give this technology another 10yrs minimum Before it gets anywhere NEAR the kind o0f FUD I'm seeing on this thread. Even more to the point, Y oh Y do people seem to swallow the Corporate-bilge when it suits their paranoia??? Figure it out - more importantly, do some reading, I work with RFID and half of what I read on this thread is applicable only in a SciFi novel. Ho hum.
For just $19.95, you can have the product you wish to purchase branded with the EPC code of your choice! You can choose from any letter or number, including words/phrases; up to a total of 20 characters!
*Imagine owning a handgun that has your name inscribed on it - as the EPC Code! WOW! AMAZING!*
great wording on that last sentence. I'm totally stealing it for a sig. I should probably credit whoever came up with it. was it you?
So what we are hoping for is disclaimers on products that are equipped with these little devices. So we can avoid purchasing them!
Such electronics that I see as being a potential problem would be, watches, cell phones, pda's, audio players (electronic, digital, analog).
Then again I am being antagonistic, I am certain we can trust our corporations to not insert these little devices into any and every product they can (for market research of course which is in no way evil).
:-( --- argh. Despair, I owe again.
Do you subscribe to the idea that it is inherently bad for those in power to have information in excess of what is required for them to fulfill their constitutional duties? Is anonymity a prerequisite for freedom? Has the only thing protecting that anonymity been the impracticality of knowing everything?
The right to privacy is inferred rather than explicit in the U.S. Constitution. For this to be ruled illegal, you'd have to convince a judge that a commercial RFID tag represents a law enforcement search, and that said search is unreasonable. This is unlikely; therefore, those in power stand to know everything about all of us. Since knowing everything about someone is tantamount to totally controlling them, is this the end of freedom?
who are those slashdot people? they swept over like Mongol-Tartars.
who makes these decisions? given verisign's past, what novice decided this would be best? how about we start polling the slashdot community, or at very least, asking someone with some computer expertise. .com, .net, and RFID. what next?
So we tie DRM into RFID...
Oops! The certificate you have tried to use has expired thus you don't have the rights to access the software to upgrade your pacemaker.
Please contact your local medical administrator if you feel you have recieved this message in error...
swallow a tag and track it through the sewer system to the sludge flats to the farm and back to your plate? guess it would have to get caught up in some roots to actually do that.
rinse, lather, repeat.
telnet my.stinky.catbox
clean -s
exit
General question: How easy/cheap is it to jam RFID receivers?
I wake up, check my e-mail, and pop the lid on my RSS feeds, and what do I see?
My first thought is, "Nice April 1 joke! Hah, hah, hah. Very fucking funny." But then I check my calendar.
Oh shit.
Please Help a Schizoid Genius!
I can see it now. I'm shopping in wal-mart (Clearly this is a dream sequence)
...damn you item finder bot
After browsing around for a few minutes, I walk out the doors without purchasing anything.
BOOM! Two sets of doors slam open, and out comes ItemFinder "Service" Bot ! Scooting towards me at nearly 35mph, knocking me down with his huge spiked arms.
[IFBot] I AM SORRY THAT YOU WERE UNABLE TO FIND THE ITEM YOU WERE SEEKING!!!
*** IFBot picks me up and throws me back into the store
[IFBot] PERHAPS THESE ITEMS ARE WHAT YOU WERE LOOKING FOR!!!
2) EPC is 96 bits: Header, company, product, serial #
4) Extract "company" bits (exact length set by header flags). Make a lookup call to root ONS server. It will return IP address of "company"'s ONS server.
5) Extract "product" and "serial", call company's server for information on that instance of that product
Note that steps 4-6 are likely to be buried off in a single API call that accepts the whole EPC as an argument... and that (local) caching likely means that step 4 is often skipped. Caching can also help step 5, mostly when were only interested in product and not serial... but I digress from the point.
Further note that Verisign is only involved at "Company bits -> IP address of company's ONS" in step 4. No other involvment from Versign... so lots of scenarios suggsted above are just BS. Verisign either answers the query; or not.
If they attempt to "squat" like they did on unused domains, they can only do so on unused COMPANY codes (more like TLDs than unused domains)... and why would a real world RFID tag ever have an unused company code?
As for perverting any deeper information about that product or that instance... they are not involved in those calls... no can do.
Jan
Sure this particular useage *may* not be a bad thing, but this is only the beginning... there is plenty to be afraid of that is just around the corner.
---- Booth was a patriot ----
I'm surprised that the Uniform Code Council doesn't seem to be involved with this (perhaps they are, or since the members section is down, maybe the partners of the EBC are the same as those of the UCC, who knows.) One would think they have experience in these matters.
The UCC is the organization that hands out UPC barcodes.
What we call folk wisdom is often no more than a kind of expedient stupidity.-Edward Abbey
Nicaraguan terrorists were our friends as were El Salvadorian dictators. We had yet to begin, fully, the "War On Drugs" (sent up as a distraction to "Oh, Ollie North *did* siphon drugs to pay to fund the Contras explicitly against Congressional Mandate" and "you have no hard proof that as a candidate that my campaign negotiated with Iran to hold Americans until the election") - the war on drugs which has taken property and put american's who have never sold or seen or touched drugs into prisons ("conspiracy to ponder thinking about forming a committee to sell drugs" - whatta system). And since most prisoners on drugs are there because they didn't know enough to turn over on other folks, most of them are just low level petty criminals - the bottom of the drug selling food chain. But that's why america is free of drugs today, right?
Good Ford, man! Remember, Winston Smith was (it appeared) alone in his recognition of the wrongness of the system - it wasn't a book about the masses recognizing something wrong, it was a book about one guy who noticed among all the others.
--
Buy a Hummer (12 mpg?) and support terrorism.
Didn't I hear something not too long ago that Versign was going to spin off the Network Solutions company? At least then there would be two seperate companies running these central databases.
THIS SPACE FOR RENT
Why would you need a third party system like DNS for this? Isn't it enough to have the number? Cut out the middle man!
ALRIGHT! When can I get one of these RFID thingies in my forehead?
I am completely opposed to widespread use of RFID. If they were to become ubiquitous, and the scanners were placed all over the possibilities for abuse are limitless. For example, they could easily be embedded in clothing by the manufacturer and used to track people's location. Michilin has already said they will start putting them in car tires. Note that most domain name lookups go through them now, so they have a massive database of where everyone is browsing. Do we really need a private corporation like Verisign to be in the position to have a massive database of everywhere we walk, and when? This is just Total Information Awareness in a very ugly corporate form.
The technology we trust most, in the hands of the company we trust most!
________________________________________________
suwain_2
Seeing how Verisign is completely and utterly incompetent, the RFID database should be dead within 12 months.
Wait until the first paying customer looks up their office supply product, and Verisign's database returns "Adult Sexual Aid"
Why not simply adapt the UNSPSC codes to work with RFID technologies? UNSPSC codes are already used around the world for working with material goods. In addition, all of the world's ERP systems including the market leading SAP R/3 support UNSPSC codes. So, instead of receiving a UNSPSC code through a Purchase Order, Invoice, or Purchase Requisition, the software would receive the RFID transmission of its UNSPSC code.
Wouldn't it be possible for companies to buy their own custom coded or blank RFID tags anyway? Who says you would have to subscribe to this format in the first place? Already there are competing standards on how e-commerce should be used. We have ebXML, cXML, and cbML. Sure it would be better if there was a single standard, but there isn't a way to force businesses to use such a standard. Why would RFID and EPC be any different?
Finally, if I use SAP (for example) why would I need my RFID tags or any software to communicate with Verisign? Why wouldn't I want my R/3 system to be "the system of record" as it is for my accounting?
To know is to have knowledge....to understand is to be enlightened.
I can see it now...
Sorry Mr. Anderson, you can't pay for your coffee today, see Verisign revoked their security certificate today, so we can't process your money. Would you like to pay in the form of rolex instead?
I suppose this means that eventually, any unregistered RFID tag scanned by anybody will result in a $2.00 (US) bill from "tagfinder" for using what must clearly be "their" property...
Innocent people shouldn't be forced to pay for inferior software development.
--"Code Complete" Microsoft Press
I have that issue! It only one of two issues of Spy that I own, given to me by an older gentleman who was making homosexual advances on me in high school.
...for a discreet, wearable RFID jammer.
Sacred cows make the best burgers.