Slashdot Mirror
ICANN Study Slams Verisign
Dinglenuts writes "ICANN has just released what I'm sure is a completely neutral and unbiased report, condemning Verisign's Sitefinder service for running afoul of 'community standards and caus[ing] harm to individual users and enterprises.' Seeing as how ICANN is currently being sued by Verisign for making them take down Sitefinder, this opinion can be considered less than revolutionary."
It is the same as with dictators.. Any company that grows big and has influence must take very good care not to abuse it. I donnot have to give names, and some companies even believe themselves they have 'best intentions'.
But on-topic: i think verisign should loose there license. They have proven they cannot be trusted as independent tld maintainer.
A glitch a day keeps the bugs away.
The next meeting, which starts Monday, features a workshop aimed at bridging the gap between ICANN and the United Nations, which is becoming increasingly interested in Internet governance.
The UN getting interested in governing the net?
Well, it was fun while it lasted. I'm off to spend the last few weeks of internet existence with the badgers.
ICANN's SSAC came up with the right answer with respect to Verisign's "Sitefinder" but they did so using a method that contains the seeds of an even greater danger to the net: unprincipled and subjective condemnation of change on the net.
m l
See my note on this at http://www.cavebear.com/cbblog-archives/000108.ht
What really needs to happen is that domain registration and management needs to be handled by a non-profit organization, so they don't have as much of an incentive to screw with stuff. I'm not convinced that registrars like Verisign should even be allowed to exist.
"[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz
The advantage of having the browser deal with it is that I can turn it on or off (or even customise it) and that it doesn't affect anyone else. The higher up the chain you make the changes, the more people and things you affect.
Talking of error messages, Verisign does have a point when it comes to Firefox. I find their error messages really rather poor (that is, the ones that the browser shows once you've dug out the option from the bowels which really, IMO, should be on by default).
If I submitted better formatted and more informative descriptions for them do you think they'd even consider it? Or is it handled a different way?
Avantslash - View Slashdot cleanly on your mobile phone.
I simply had my dns cache resolve verisign.com addresses through my local dns server... problem solved
.com and .net TLDs so that instead of getting an NXDOMAIN response when doing a query for a non existent domain you got the IP of the sitefinder website. Resolving verisign.com addresses was not the issue.
The way sitefinder worked was that Verisign wildcarded the whole
Yes there was a way to patch BIND and many other DNS servers so that the wildcarding didn't work and the proper NXDOMAIN reply was given for non existent domains - but simply redirecting requests for verisign.com addresses to your local cache would not have helped.
The sitefinder service personally bit me when I wasted hours tracking down a fault after I mistyped a domain name into a system which was using port 20000. Instead of getting NXDOMAIN and a simple to fix problem I was getting connection refused - it was not until I put a packet sniffer on the link (after hours of stuffing around) that I noticed that traffic was going to the wrong destination - verisign's then two day old sitefinder "service". But I had no idea that the wildcarding had been done. After fixing the problem and typing in the correct domain I then tried to fix my DNS to see why it was returning this IP instead of NXDOMAIN. Further fault finding led me to discussion in some newsgroups about the wildcarding.
Needless to say this pissed me off no end and I immediately blocked access to the sitefinder IPs at the border router and then when a patch was available for BIND I installed it on all my servers.
Verisign needs to remember that PORT 80 IS NOT THE INTERNET.
While you're probably right, what ICANN's trying to prevent is the arms race that reintroducing Sitefinder (specifically the DNS wildcard) will cause.
If the wildcard comes back, you can count on ISPs and software companies building their own overrides for the service (some to prevent it from happening, some to point their users to their service instead). Then, of course, Verisign will modify their system to compensate, etc, etc. That arms race will almost certainly affect the stability of the system, so ICANN's trying to keep it from starting. If that takes getting a court-ordered shutdown, I think they're prepared to take that route.
> Google has, and continues to do so, proven that doing the right thing can bring commercial reward and brand loyalty.
You nor I know what Google is really upto.
I'm not using their gmail service, and not using Orkut for a number of reasons, all of which come down to me not liking it when a company, regardless of which company, gets interested too much in my social activities and contacts.
Are they evil with it? I don't think so, but the issue is also that they don't have to be evil for it to go wrong anyway.
The simple problem is that in the end, they are bound to have too many conflicting activities, and will screw up without any intention of doing so.
Oh, and I do use their search and advertisement services, don't get me wrogn here, so far they have definitely shown to be a decent company, and its not like they don't deserve my business or such, but a s a matter of principe I do not want companies to try stick their noses into my private life too much, the risks of it going wrong are too big even when all involved do have the best intentions... What happens when the company gets bought out or merges with another one? or goes bankrupt? or what if there is some employee there who decides he wants to make a point???
Way too much can go wrong, and the more power you collect in one place, the bigger the chance that it will go wrong in a horrible way...
Fine, but without my data.
People who used Verisign's Web-based domain name search got their domains hijacked more often than not. It happened to my stepbrother, along with a number of other people I know. The sleazeballs didn't even *try* to make it look legitimate: from lookup to hijack took around a dozen hours.
As my friend in the Army said: "Once is happenstance, twice is coincidence, three times is enemy action".
Veritas delenda est.