Verisign's SiteFinder - An Engineer's View

ixs writes "CircleID has an interesting article by David Monosov about Verisign's plans to reintroduce Sitefinder. The article presents the thesis that the Internet engineering community is partly to blame for Verisign's ability to mess with the .com and .net root zones. According to the author we spend too much time with our systems and not enough with politics. The writeup was previously posted to NANOG and received a favorable response from Paul Vixie."

ICANN?

[autopr0n]

ICANN threatened to sue them, and 'revoke' their registry status last time, and they relented. Is there any indication that ICANN intends to do the same thing again? My guess is that Verisign isn't as stupid as SCO and wouldn't go forward with this if they thought they would lose out on what's basically a huge free money engine over this. Have they made a deal with ICANN? Do they think they can win, and own the entire domain system for .COM and .NET, ICANN be damned?

I mean, if they can get away with this, what's to stop them from doing things like shutting out other registrars, etc?

Re:ICANN?

[superhoe]

I still keep on wondering how much these certain companies like SCO and Verisign will win in the long run (via their corporate image) by introducing this new 'corporate world bully'-type to the general public.

Re:ICANN?

[qewl]

Hehe, I think I'm alone, but I liked Sitefinder because it tripled traffic to my site for a while- www.humans.com. So many people were looking for domains with humans and were directed to my page which has nothing even to do with science.. I just wish they would take the ads off.

Re:ICANN?

[mikedsmith]

Well, IMHO they will lose a lot of respect and good image in some communities (i.e. SCO with the Open Source movement), but in other communities, almost none at all. For example stock traders love it, they earn bucket loads of money from it. The average Joe doesn't care and doesn't know that Verisign is ruining DNS for everyone and making money out of it.

Unfortunately companies doing bad things, often get noticed only by small pockets of people. If they don't stand up and talk, no one even bats an eyelid.

Re:They shouldn't draw attention to themselves

[Clinoti]

No, what Verisign does understand is (sorry) the Microsoft model of monopoly, where a broad presence pillows the muffled cries of an infant industry. (I digress, I know the age of the net.)

What Verisign will learn is that the kid has already gone outside into the world and cannot be kept under thumb.

Also, does anyone remember, speak of the devil, Microsoft's viewpoint on this? They essentially do the same thing on the lower level with default browsers for their search engine. Any insight?

Distributed Decentralized DNS using JTXA

[joelparker]

There's an interesting proposal & implementation
for a distributed decentralized DNS using JXTA,
which is the Java peer-to-peer framework.

The basic idea is to trust your peers,
rather than the centralized system now.

Of course that raises all kinds of questions;
still it's compelling to consider the approach.

The O'Reilly introduction is HERE

Cheers, Joel

Re:A Solution

How about it, folks? Shall we set up some high-quality donation-supported DNS servers and ignore everyone else? OpenNIC seems to be doing pretty well with a half-assed setup. If enough people got exceiting about this, it could entirely replace the existing infrastructure. It seems like a moderate redesign of the DNS system should happen first, though, to prevent future abuses like this.

I'd pay $10/year for good no-nonsense DNS service, and I think I could talk my company into $10/year/workstation if there was a good public image for it ("DNS 2.0! Better than before! More stable and secure! Independent! Enterprise-ready!"). How many people would have to do that to support it?

I kind of like SiteFinder

Sometimes I misspell URLs and I actually *like* having a service that attempts to find the site I'm looking for.

I'm not saying that people who are against it are anti-capitalist or anything, but they certainly are a bunch of knee-jerk reactionists.

Monosov

Did you mean Lomonosov? BTW, this translates as "break a nose's"

Re:They shouldn't draw attention to themselves

[Carewolf]

but the meat in big mac is not meat for the most part but only "meat". In the 90s they lost the right to call it beef-meat in the EU since it didnt contain enough beef to qualify (they could still call it mixed meat though).

Why have non-country specific TLDs at all?

[Willbur]

Just throwing out an idea... There has been a lot of talk about whose laws should apply in cyberspace. One thought is that maybe it should be made explicit whose laws are applying by making the country explicit in the domain name. Ditch all .com, .org, .net, etc domains and just keep the country top level domains.

As an ease of use measure you could make .com redirect to .com.us in the US, .com.au in Australia, etc. Those names would only be useful as shorthand for people to type and would be deprecated as published URLs (because they would no longer mean the same thing everywhere).

When I access a .us site from Canada, the same laws apply as if I poked a stick over the border while standing in Canada.

Moreover, it removes the problem of VeriSign playing with the TLDs (at least for the rest of the world, I don't know who administers .us).

Pity it'll never happen.

Re:Why have non-country specific TLDs at all?

[cpghost]

Many multinational organizations and companies wouldn't be happy to be forced to use ccTLDs. Heck, even some individuals would be upset, because they see themselves as world citizens, rather than belonging to a country (and I'm not even talking about people with multiple nationalities). Forcing ccTLDs as IMHO a Bad Thing(tm).

Re:Not wrong, but naive

[humankind]

The suggestion that the generic TLDs should be administered by a non-profit organisation (with international representation, I would add) is entirely reasonable and seems like the Right Answer.

In theory it sounds good. However, in practice, I can't say I've ever come across a well-organized non-profit that wasn't constantly having to sacrifice its ideals to stay afloat, or wasn't teeming with epic ego-battles among the people involved.

I hate to admit it, but I think government agencies are traditionally better run and organized than the vast majority of non-profits.

Re:A Solution

[j-pimp]

I'd pay $10/year for good no-nonsense DNS service, and I think I could talk my company into $10/year/workstation if there was a good public image for it. Being the current DNS service is run on the registration fees of domain name owners, why would you need $10 a year from ever workstation on the internet. Also, how does one regulate this? By IP address? You can do some NAT Voodo and make a whole class A's DNS queries appear to be coming from one IP. Auctually, if you had a DNS server on your network that would be making all the queries to this "premium enterpruse ready" DNS root server. Sounds like this would jsut make fat cats fatter.

Veri-lame

Well now, if we are going to have urls and dns, we need someone to sit on the database of who has what assigned to where.

meet Verisign...

Ok, so we are sitting on the afforementioned database with the required info for the internet presence for millions if not billions of people,
what shall we do?

I know, lets break it all and try to break into the search engine business! Every page anyone looks for on a domain that no longer exists will be our domain!

All your leftovers are belong to verisign! ......

Now to me this just seems like an abuse of power by the people who look after the database for us.
(veri-lame)

If they had mentioned that they would do this in the future then i'm most likely we wouldn't have picked verisign to look after our data, or we would have made sure they couldn't use it as a gun to our heads further down the road.

If they were going to break all the RFC's and the like, again, we would have put blocks in place.

but instead they are free to claim they own every domain that was ever that doesn't have a paying owner right now. Not that verisign are paying to squat on that domain mind, they just control the database.

so i say again

All your leftovers are belong to verisign!

Who do they think they are? I don't want to use their substandard search engine anyway.

much more useful would be a link to the domain as it was last known on internet archive or some other internet backup site. Not whatever it is verisigns ill thought out search routines are going to return.

Re:From the Article: ISC

Definitely NO on this guy Paul Vixie and ISC if we want transparency and an up front way of running things. This guy has wrapped himself in the flag of RFC's, DNS and "the Internet" but his actions are otherwise:
This site is a little conspiratorial, but at the time many of the people in the know agreed that Abovenet and MAPS blackholed ORBS by using dirty tricks little advertising low cost (hop count) routes to ORBS and then blackholing the traffic. See here among others.
He seems fond of making everything two tiered, pay for BIND support, pay for access to the MAPS *BLs now. There was the situation where the patches for BIND were only available to those who paid. This was a huge deal at the time.
There also seems to be denials of the connections between ISC and the other money making businesses that Paul and his employees are involved with.
This is not a guy who want to share power and take the opinions of others into account, he and his companies also have a history of attacking overtly (DJB) and covertly (ORBS) people or groups who cross them. They scare me more than a bumbling giant corporation... Paul has companies/domains like Men in Black Hats and New World Order, these guys have very high opinions of themselves. I and many others would never speak out publicly against him, his employees/"volunteers" or companies because of the power they wield and their willingness to exact revenge on people who speak out against them. Those who do speak out are immediately branded as spammers or worse.
Some Paul quotes:

I am also getting ready to start work on my company's next commercial product, and it looks like a spam filtering SMTP gateway is going to be it even though I've got this drop-dead idea for optimal HTTP redirects that I've been wanting to implement for about the last 14 months. Oh well, "follow the money."

Concentration of power into a single individual: It's very true that power has corrupted every individual in whom it has ever been concentrated in the history of mankind. I do not feel that I am necessarily above whatever elements of human nature give rise to that. I worry about it. Probably other people worry about it more than I do.

There are people whose judgment I trust -- folks that have been in the industry longer than I have or maybe just as long as I have, but have done different things -- where I've learned that when they argue with me, they're usually right. And I have run what I'm doing by these people, and I'll continue to do that whenever I want any change in the way that I approach it. And if I get back some horrified stare that says, `Paul you're going to be the next Hitler; you're going to take over the universe,' I'm pretty much expecting that I'm not going to tell them that their concerns aren't justified. I am as worried about this as I think is healthy, but I'm not willing, once again, to say, `Well, because concentrating power in the hands of one person has always been dangerous, we should not attempt what we're doing.'

[here, Paul, with more WWII references, refers to the fact that he is willing to block popular ISPs or sites and how it is similar to the way that people were willing to firebomb Dresden (even though the German's thought they wouldn't), as clear a reference to "acceptable collateral damage" as possible without using the phrase] ... I think I've told the story of the firebombing of Dresden to at least a half dozen popular host resource owners in the last two years. *

Re:It's not easy

Much more useful in the event of an unregistered domain (previously registered) would be a link to the domain as it was last known on internetarchive or some other internet backup site.

Not whatever it is Verisigns dodgey search routines are going to return.

A new kind of spamming

[werdna]

If Varisign can tinker with DNS responses provided by their DNS, why can't every other downstream DNS server act in kind, when forwarding a query, taking the ersatz advertising responses from Varisign and substituting their own advertising website, or better yet, substitute the responsible "usual" behavior?

Indeed, if Varisign does this, wouldn's such a response be inevitable, for good and for ill?

What I will be most amused by when that happens are the frivolous lawsuits Varisign will raise when that happens.

This is terribly old news

[Flyboy+Connor]

It happens all the time, every time.

Engineer has an idea. Engineer implements the idea. Engineer is happy. Engineer's peers are happy. Non-engineer picks it up and uses it to get a lot of money, tarnishing the original idea in the process. All engineers are outraged.

The article states that engineers should be more aware of politics. That's bull.

An engineer that takes politics into account will accomplish nothing, because he is battling windmills. Trying to protect your inventions against corporate meddling is impossible. The problem is that those who invent simply do not have the power to enforce the "right" use of their invention. Being aware that that power lies with people who are mainly interested in squeezing money out of ideas will only make you despressed.

And there are reasons that this is the way it is. The two main ones are (1) the innovators are the grease-monkeys of the corporate and political worlds; and (2) the fact that innovations can generate money is the catalyst that allows engineers to innovate.

These two reasons lead to three possible solutions for the described situation.

Solution 1: More engineers become politicians, thereby gaining influence on law-making and getting the ability to bend the laws to idealistic purposes. Unfortunately, engineers (just as scientists and artists) do not want to be politicians. It's a frustrating job, especially if you are idealistic. If someone is only interested in money and power, it can be a fulfilling job, but I don't expect idealistic law-making from such a person.

Solution 2: Engineers refuse to work for corporations and develop their ideas for themselves. Unfortunately, this will mean that they do not have the funding to work on their interesting ideas, and even if they succeed, a big corporation will notice them and run away with them.

Solution 3: Engineers do not create inventions that can be or need to be exploited for money. Translated: Engineers won't innovate at all.

Conclusion: All three solutions won't work in practice. Since that is a depressing thought, perhaps you better not read this comment.

Too late.

Re:This is terribly old news

[0x0d0a]

That was brilliantly written -- the prose and the logic were good.

Of course, since I'm responding, I don't think that the logic is perfect. :-) Not all politicians are purely greed-motivated. You just need to get someone in place that is willing to do something that may make a bit less money for them but that is a Good Thing. Sure, maybe just about every politician makes a money-driven decision every now and then, but I suspect that for most politicians, not every decision is money-driven.

This is how a lot of good things happen. You just need to make the most of those non-money-influenced decisions.

I'd like to see a couple of governmental technology advisory boards that consist *entirely* of PhDs from universities -- people that are *not* ex-CEOs and are less likely to have old business buddies that they're willing to do favors for.

The gloves are off, in case you hadn't noticed

[hqm]

Stratton Sclavos, the CEO of Verisign, must be Darl McBride's secret twin brother, because he is using exactly the same lies, FUD, and ad-hominem attacks against the Internet technical community as SCO is using against the free software community.

There is an interview with Stratton Sclavos,CEO of Verisign, at http://news.com.com/2008-7347-5092590.html

Here are some highlights of the Q&A which particularly make my blood boil. This guy is both doing a smear campaign against the opposition to SiteFinder, and either has such a warped understanding
of how Internet protocols are developed and operate that he is incompetent to be in charge of the root DNS for .com
, or else he is a cynical liar. I believe the latter is the more likely. His comments about a "cultural divide" are true, but not
in the way he intends. The cultural divide is between the fair, decent, ethical, and technically responsible people and
the people such as himself.

*
*

*After a couple of weeks on the hot seat, VeriSign CEO Stratton
Sclavos is turning up the fire on his company's severest critics.*

*The Site Finder controversy /You temporarily suspended Site Finder in reaction to widespread
criticism. What's the next step? /*

The reason Site Finder became such a lightening rod is that it goes
to the question of are we going to be in a position to do innovation
on this infrastructure or are we going to be locked into obsolete
thinking that the DNS was never intended to do anything other than
what it was originally supposed to do?

Still, a lot of people in the Internet community were quite
surprised by Site Finder--and then you had complaints surfacing that
it was not complying to approved standards.
Let's break the argument down: The claim that Site Finder was
nonstandard and that we should have informed the community we were
doing something nonstandard--excuse me: Site Finder is completely
standards-compliant to standards that have been out and published by
the IETF (Internet Engineering Task Force) for years. That's just a
misnomer. The IAB (Internet Architecture Board) in its review of
Site Finder said the very same thing--that VeriSign was adhering to
standards.

What we're seeing are predetermined opinions masquerading as
processes where the outcome is predetermined.
The second claim, that we brought it out without testing--Site
Finder had been operational since March or April and we had been
testing it with individual companies and with the DNS traffic at
large. Ninety-nine percent of the traffic is pure HTTP, and so it
handles it the way it should. Just so you know, our customer service
lines went from 800 or 900 calls on the first day to almost zero
right now. Every customer who had a Site Finder issue, the
remediation took less than 12 hours. ...
*You temporarily suspended Site Finder in reaction to widespread
criticism. What's the next step? *
The reason Site Finder became such a lightening rod is that it goes
to the question: Are we going to be in a position to do innovation
on this infrastructure, or are we going to be locked into obsolete
thinking that the DNS was never intended to do anything other than
what it was originally supposed to do?
*
You're hinting at a cultural divide? *
I think that there is. I don't think it's an intentional divide, but
it's drifting apart of the day-to-day usage from the folks who did
great steward's work in the early days and were asked to define all
the standards to make it work.

*And those are the people who still dominate the standards bodies? *
They're speaking out of both sides of their mouth right now. It's
not OK to say standards are important, un

Competition

[wonkavader]

The problem with Verisign is that they're a monopoly.

They can hold us over a barrell and all we can do is sue them. We've seen how long lawsuits take. A week of we're-screwed-time is too long.

While it would take forever to get every incompetant sysadmin to change root DNS servers, the bulk of us could be changed over in days.

We just need

A. someone to do it (set up new root servers and maintain them)

B. a massive insult and pain in the ass like the reinstitution of site-finder to prod sysadmins into changing over to them.

Versign would still own creating domains, but a clone could be actually serving the info. Talk about embarassing for Verisign. They'd sue immediately and the civilians would learn about this quickly.

When it all comes down to it, such a new root server provider could say, "I'm takin' my ball and..." creating new top levels? censoring sites via domain expiration? splitting the list off entirely, creating an Internet-prime? Telling ICANN to shove it? "We are, after all, just an edge service which people use by choice. PETA.com stays People Eating Tastey Animals on our servers. Screw you."

And if the community didn't like it, someone else could do it all AGAIN. When you set up an Internet connection, you'd say, which one do I want to be on? (Logically, not physically, of course.)

It would be both horrifying and interesting. And after some chaos, order would be restored in the form of a ROOT server authority with the oversite of a smarter overseer (one hopes).

I would hope that a public entity would do it, someone who is interested in the Internet being open, but a private entity would do, too. Hey, GoDaddy, do you hear oportunity knocking?

Re:OT: Your sig

[red+floyd]

my main problem with the Pledge of Allegiance is that my allegiance goes to the Constitution, not the flag.

I had that problem as well for a while. But the key line there "And to the Republic for which it stands".

And with any luck, the Ninth Circuit will be upheld, and "Under G-d" will go away.