Slashdot Mirror

← Back to Stories (view on slashdot.org)

ICANN Study Slams Verisign

Posted by CowboyNeal on from the not-surprising dept.

Dinglenuts writes "ICANN has just released what I'm sure is a completely neutral and unbiased report, condemning Verisign's Sitefinder service for running afoul of 'community standards and caus[ing] harm to individual users and enterprises.' Seeing as how ICANN is currently being sued by Verisign for making them take down Sitefinder, this opinion can be considered less than revolutionary."

6 of 138 comments (clear)

  1. The dangers of money and power by xonen · · Score: 5, Interesting

    It is the same as with dictators.. Any company that grows big and has influence must take very good care not to abuse it. I donnot have to give names, and some companies even believe themselves they have 'best intentions'.
    But on-topic: i think verisign should loose there license. They have proven they cannot be trusted as independent tld maintainer.

    --
    A glitch a day keeps the bugs away.
    1. Re:The dangers of money and power by blowdart · · Score: 5, Insightful

      But ICANN is not much better. They have no accountability, refuse to reform, their meetings are basically junkets to somewhere expensive, and they try to gouge registrars for $15.8m for next year, double the previous years. Lets also not forget the fiasco that was the ICANN At Large, where the directors users voted in where quickly thrown out when they tried to represent user viewpoints.

      Oh, and the too great an influence the US government has on ICANN.

    2. Re:The dangers of money and power by Anonymous Coward · · Score: 5, Informative
      ICANN is so important there's even a site solely devoted to watching it, icannwatch.org
      Our premise can be simply stated: The Internet is a global resource of incalculable value, and nothing is of greater importance to its future than the way in which ICANN performs its role as manager of the Domain Name System. All Internet users worldwide have a stake in these ongoing events, and our job is to serve as a central point of reference, a kind of hill overlooking the often-chaotic information landscape, from which anyone seeking a better understanding of these developments can survey the ever-changing terrain.
  2. Re:Some things aren't meant to be for-profit. by timftbf · · Score: 5, Interesting

    Be careful with the registry / registrar distinction.

    I'm all in favour of lots of for profit, for free, for the common good, for great justic registrars, as long as they meet some basic technical standards for interfacing with the registry and generally not breaking stuff.

    The registry, on the other hand, should be run by a non-profit that understands the Internet and can run it for the common good.

    Regards,
    Tim.

  3. Re:They're still trying to d this? by csk_1975 · · Score: 5, Interesting

    I simply had my dns cache resolve verisign.com addresses through my local dns server... problem solved

    The way sitefinder worked was that Verisign wildcarded the whole .com and .net TLDs so that instead of getting an NXDOMAIN response when doing a query for a non existent domain you got the IP of the sitefinder website. Resolving verisign.com addresses was not the issue.

    Yes there was a way to patch BIND and many other DNS servers so that the wildcarding didn't work and the proper NXDOMAIN reply was given for non existent domains - but simply redirecting requests for verisign.com addresses to your local cache would not have helped.

    The sitefinder service personally bit me when I wasted hours tracking down a fault after I mistyped a domain name into a system which was using port 20000. Instead of getting NXDOMAIN and a simple to fix problem I was getting connection refused - it was not until I put a packet sniffer on the link (after hours of stuffing around) that I noticed that traffic was going to the wrong destination - verisign's then two day old sitefinder "service". But I had no idea that the wildcarding had been done. After fixing the problem and typing in the correct domain I then tried to fix my DNS to see why it was returning this IP instead of NXDOMAIN. Further fault finding led me to discussion in some newsgroups about the wildcarding.

    Needless to say this pissed me off no end and I immediately blocked access to the sitefinder IPs at the border router and then when a patch was available for BIND I installed it on all my servers.

    Verisign needs to remember that PORT 80 IS NOT THE INTERNET.

  4. Re:Sitefinder WILL be reintroduced by gclef · · Score: 5, Interesting

    While you're probably right, what ICANN's trying to prevent is the arms race that reintroducing Sitefinder (specifically the DNS wildcard) will cause.

    If the wildcard comes back, you can count on ISPs and software companies building their own overrides for the service (some to prevent it from happening, some to point their users to their service instead). Then, of course, Verisign will modify their system to compensate, etc, etc. That arms race will almost certainly affect the stability of the system, so ICANN's trying to keep it from starting. If that takes getting a court-ordered shutdown, I think they're prepared to take that route.