Slashdot Mirror
Verisign's SiteFinder - An Engineer's View
ixs writes "CircleID has an interesting article by David Monosov about Verisign's plans to reintroduce Sitefinder.
The article presents the thesis that the Internet engineering community is partly to blame for Verisign's ability to mess with the .com and .net root zones. According to the author we spend too much time with our systems and not enough with politics. The writeup was previously posted to NANOG and received a favorable response from Paul Vixie."
http://web.archive.org/web/20000818212505/www.iii
"There will be up to one-hundred-fifty (150) new iTLDs allocated to as many as fifty (50) new registries, with no more than one half (1/2) in the same country, created in 1996, and chartered to operate for up to five years.":a .org/lists/newdom/current/0518.html
http://web.archive.org/web/20000818221119/www.iii
Tell me what was wrong with this again?
Actually, I think Microsoft's feature is much more amicable. After all, any other browser could do the same - hell, the moz project could raise funds by makign the default search engine and the host-not-found search engine a contract to the highest bidder. Not that we'd like that, but they could.
The big thing is that the MS search-integration features don't break anything. They might interfere with their users seeing certain errors, but nothing's busted. SiteFinder breaks shite left right and center.
Sometimes I misspell URLs and I actually *like* having a service that attempts to find the site I'm looking for.
No problem, just set your browser to send you to a search engine of your choice when you get a 404. If your browser doesn't do that bug the developers.
DNS wildcarding isn't the way to this. It breaks other stuff.
This is a pet peeve of mine. When a site can't resolve, it is an nxdomain. A 404 is when the requested file on a web server doesn't exist. Please stop calling an nxdomain a 404.
Sometimes I misspell URLs and I actually *like* having a service that attempts to find the site I'm looking for.
That's not an accurate requirement.
- Sometimes - when? I assume when you type it in your browser, you are not speaking email here?
- having a service - well, more like having something, you dont really bother what it is as long as it works, dont you?
So your requirement becomes : When I misspell an URL in my browser, I like it when something attempts to find the site I'm looking for.Fine with everyone. There is such a feature in IE, and this is the right place for such a feature to be.
Why we are against SiteFinder (and if you had read Slashdot before you would know this) :
You simply cant. Not even with cookies or so, as there is no such thing for DNS. But you can opt-out if the same service is implemented in your browser. (change browser/deactivate feature)
AND you will get a wrong message : "recipient not known" instead of "server not know".
It may annoy you, but you can adapt quickly. But there is also software that needs DNS lookup to function properly (most prominently, spam filter). And software doesnt adapt itself, it has to be rewritten, thus generating costs in various other companies. If SF was an opt-in service that would be less problematic, so that only software that wants to use this feature had to be rewritten, but this isnt the case.
It is written : "when the domain does not exists, you return a does not exist message". But suddenly Verisign decides to return "it's Verisign".
Like the idea? Then get IE, misuse google for it, or hack mozilla/write a RFE. But SF is A Bad Thing (TM).
I have discovered a truly remarkable proof for my post which this sig is too small to contain.
VeriSign running a bogus SMTP server was very bad from a privacy point of view. Even if they didn't accept the message body (did they? I don't remember), they collected a lot of information that could've been used for traffic analysis. It's none of VeriSign's business to know that I mistyped an email address: they could find out what the real address was. It's none of VeriSign's business to know that I mistyped a URL: they could find out what the real URL was (hamming distance usually 1 or 2). Why should they collect so much information about my email or surfing habits anyway? If I believed in conspiracy theories, I'd suspect that they may be in cahoots with the NSA (I don't think so).
cpghost at Cordula's Web.
You mean like http://www.opennic.unrated.net or http://www.open-rsc.org?
Depends what you mean by legitimate. Various search engines, including Google, have gotten into hot water over serving up paid sponsor links to competitors of a given trademarked search term. Dunno if any actually reached the legal arena, the search engines normally cease and desist. And let us not forget the brouhaha over MicroSoft's Smart Tags.
I fail to see how SiteFinder is any less of a trademark infringer than the prolific typosquatter John Zuccarini, who not only has lost repeatedly (admittedly not all of these are typosquats, or losses) under ICANN's UDRP, where he was found to have domain names confusingly similar to a trademark, he's been fined almost $2m, had further monetary damages found against him, and been arrested.
Generally, the usage needs to be within the same industry or product category. It is unlikely that people will confuse SiteFinder with your site.
Most of Zuccarini's 5000 + names don't point to competitors, yet he is repeatedly ruled to be illegitimate by both the courts and UDRP arbitration. Let's take an example given by John Berryhill. If I register a typosquattingly similar variant of a search engine and put up a rival search site, do you think the courts or the UDRP will find that legitimate? If not, what makes VeriSign any more legitimate for doing the same thing, or any more immune? Then again, with faux domains they don't have to agree to a clickwrap that binds them to the UDRP. Hmmm.