Slashdot Mirror
Verisign Sues ICANN Over SiteFinder
camusflage writes "Yahoo's running a story about VeriSign suing ICANN for holding up Sitefinder. Choice quote from VeriSign: 'This brazen attempt by ICANN to assume 'regulatory power' over VeriSign's business is a serious abuse of ICANN's technical coordination function.'"
What most people see is that this is just an extended version of IE's built in search that throws you to MicroSoft's search engine (which sucks), so they don't see the implications for all the REAL internet applications that don't run through a web browser.
"Straddling the sword of technology..."
Umm, they didn't tell them what they could put on a web page. What they told them was they couldn't insert a wildcard record in the .com and .net zones and redirect queries for EVERY NONEXISTENT DOMAIN in those zones to their servers, for every Internet service, not just web.
I also saw the article at CNET
Verisign doesn't run the root nameservers. They run the .com and .net TLD servers and the database for those TLD's.
> Since when does ICANN have the power to tell a business or person what they can or can't put on their page?
Since it's NOT their page. foobar4575368389.com is NO more verisign's page that it is anyone else's since the domain is not registered.
sitefinder is not the problem. The problem is the default DNS entries which redirect connections to sitefinder.
VeriSign used their access to the DNS they host *on behalf of ICANN*, to gain visibility for their sitefinder crap.
Appart from being highly unfair to search engine competition, and ethically wrong, it also brings lot of technical issues for any protocol (which HTTP is only one of them) used on the Internet.
1) Public IP addresses must be globally unique. If they weren't, routing traffic would be effectively impossible
2) Public DNS names must be globally unique. This one isn't nearly as obvious as addressing, but it's still clear once you think about it, and is even enshrined into one of the RFC's on the subject.
Given that we require uniqueness, someone has to manage the systems to check that uniqueness and dole out addresses (both IP and names). That task fell to ICANN, who have since sub-contracted that work out to other entities. But still, someone has to run the central database, or there'd be chaos.
Internet Corporation for Assigned Names and *Numbers*. IANA is subassigned from ICANN.
Frankly, they deserve to have all authority over the root servers taken away from them before they do more harm in their quest for profits.
.com and .net zones. (and the .org zone, once upon a time) And it's on those zones they are acting unilaterally. Sitefinder, when it was active, only worked on non-existant .com and .net hostnames, no others
Your comment is otherwise excellent, but this line deserves correction. Verisign does *not* have control over the root servers*. ICANN does. This is an important distinction because control over the root servers is what gives ICANN it's authority. What Versign DOES control are the so-called 'GTLD' servers, which serve the
*footnote: Verisign does, however, operate 2 of the root servers, A and J. In fact, Verisign operates them quite well, and in co-operation with the other root-server operators. But all root servers have the same data, provided by ICANN. The list of root servers (and who operates them) can be found here.
Your second paragraph effectively proves why your first paragraph is impossible. I'd refute you, but you beat me to it.
Can't ICANN just "pull the plug" and tell VeriSign to go take a hike while they find someone more competent to take care of the root DNS servers?
Yes, they can. And that's why when ICANN threatened them--back when Sitefinder was first turned on--that Verisign listened. Because, yeah, ICANN controls the root, and all authority flows from the root. (the root servers, that is)
As for your p2p root idea, well... To be blunt, it's a bit naive. First off, where does this p2p network get it's data? Remember, one of the critical ideas behind DNS is that the view is always consistent, there are no conflicting records. As in, www.exmple.com ALWAYS points to the same place, no matter who you ask. There is only one correct answer. (misconfigurations can prevent this, obviously, but that's the design of DNS). So you have to be worried about poisoning, authenticity, you have to trust this network. No current p2p network has my trust.
I give more reasons, but basically, the DNS system is set up right now with 46 root servers (count 'em). These are generally a cluster of professionally managed servers, dedicated to a single, pretty simple task: Serving the 2000-odd records in the root zone, or returning a failure. That's it. Any suggestion of a p2p network, for it to be accepted, would have to show that this proposed ad-hoc network could provide the same performance and reliability that the current system does. Not to mention re-writing all this software that assumes DNS functions in it's current state.
To summarize, sure it SOUNDS like a good plan, but for it to actually be considered, it probably has to have actual technical details. And it wouldn't hurt if it came from someone more qualified than Armchair Internet Architect, such as you or I.
Verisign has very explicit contracts for operating the TLD's and their respective nameservers.
.COM TLD Agreement which specifies that they must comply with the IETF RFC's, and probably are similarly in violation of their other contracts.
They are in violation of the part of the
1) Public IP addresses must be globally unique. If they weren't, routing traffic would be effectively impossible
Incorrect. Addresses need not be unique at all,
Indeed one can make very good use of non-unique addresses. Quite a few of the IP addresses for the root DNS servers (eg those operated by ISC) are assigned to multiple different computers, diversely located geographically. Go google for "anycast". The 6to4 relay service also uses a public, non-unique address (ie anycast) for the 6to4 gateway.
Any stateless network service can be deployed using anycast addresses.
I use Friend/Foe + mod-point modifiers as a karma/reputation system.
Tim
Oops, here's the actual link.
Forbes CEO Approval Ratings