Verisign Recommended to Keep .com & .net

An Anonymous SAIC Employee writes "The 'independent' company hired by ICANN to advise them on who should run the .com and .net registry has recommended that Verisign (fact sheet) should be chosen to continue to run the registry. Is it any surprise? Telcordia was owned by SAIC (Fact Sheet) during the time the study was conducted. SAIC bought Telcordia (fact sheet) (then Bellcore) in Nov. 1997 and sold it March 15, 2005. Network Solutions was bought by SAIC in 1995 and sold in 2000. Also, Telcordia worked with Verisign on the ENUM project. Is the fox guarding the hen house?"

Exactly...

[ral315]

Why would we honestly expect any different? Anyone who actually read into the situation expected VeriSign to get the contract, and it looks as if that's what's going to happen now.

Depends on what their contract says

[dmoen]

I wouldn't mind this, if Verisign's contract was amended to prohibit domain-typo hijacking, and more generally, to require them to remain compatible and RFC compliant. And I would want those same contract provisions regardless of who runs .com and .net.

Doug Moen

Re:Depends on what their contract says

[toddbu]

Yeah, but the problem here is they serve both as a registrar and keeper of the registry. The only way to get rid of this problem is to split the two functions and prohibit one single company from doing both job functions. Kind of like the U.S. Mint - if you don't know how to make the paper *AND* the ink then you can't print your own money (unless you own a laser printer :-)

Re:Depends on what their contract says

[godless+dave]

But if there are other companies who want the contract, why not give it to one of them instead of to a company with a proven track record of misdeeds and dishonesty.

Re:Depends on what their contract says

[Antique+Geekmeister]

The contract wasn't amended. Fortunately, Bind and most other fully capable DNS servers were tweaked to disallow this nonsense within days of Verisign trying it. Unfortunately, it's the little home and small network setups of DNS that will suffer from the re-routing when Verisign tries it againi.

Remember, that little stunt gave Verisign not only lots of salable traffic data about mistyped URL's, but it allowed them to route other people's mis-addressed email to their own mail servers. The stunt was very nasty and very dangerous.

Sitefinder

[Uber+Banker]

Isn't hijacking every and any unclaimed URL for company profit while providing no public service in an organisation whose very objective is a public service reason enough?

Re:Sitefinder

[CSMastermind]

And what makes you think another company wouldn't do the exact same thing?

All that's a reason for is the government to instuit a better set of regulations about how the assignment of URLs will be done.

Re:Sitefinder

[fimbulvetr]

Which government?

The U.S.A.? Hahahahahaha. Hahahahahaha. Hahahahahaha.

You have to be out of your mind!

Uh oh

[ravenspear]

Something tells me the submitter of this story is in violation of his NDA. Maybe he should start looking for a new employer.

Re:And this is different how...?

It's a good thing we are all paying that ICANN tax. They sure know how to accomplish things.

Not surprising

[Jailbrekr]

Virtually every company in the IT world is connected to each other. Its like a big stupid beowulf cluster of beaurocracy that uses IPX instead of IP for its communciation protocol.

Welcome to the techo-appalachians, where everyone is related to everyone else in some manner.

Re:Whats all the fuss about?

[Wesley+Felter]

Why all the fuss about who should administer these? Is it doing any difference if it's Big Corporation A or B?

Yes, because some people would drop the price to $2/year if they were in charge. It's a small difference in absolute dollars, but the relative difference is huge and exposes how much VeriSign is overcharging.

Also, VeriSign has a bad habit of implementing evil stuff like SiteFinder, although other companies would be likely to try the same thing if they were handed a monopoly.

So What

[pHatidic]

This is just a recommendation. I have full faith that Joi Ito and the rest of the board will make the best decision when the time comes.

Re:Why change?

[Desert+Raven]

because we know if someone else takes over, the internet will go down for at least a week

You mean just like it did when .org was transferred?

Oh, wait, nevermind....

Simple question: If not them...

[dark-br]

who else?

If there's not another option that is *much* better then the current one why bother? Keep in mind that a change like this could result in a *real* mess.

Re:Simple question: If not them...

[Just+Some+Guy]

who else?

Anyone.

Keep in mind that a change like this could result in a *real* mess.

Ahhh, so you've never personally dealt with them. OK, here's the short answer for people who've never experienced that dishonor:

It would be darn nigh impossible to screw up anything worse than Verisign. They are absolutely, positively the worst "the problem must be on your end" pack of frickin' screwups ever to bungle network management. Network Solutions? Only if the problem is "I have too much money and time - please help me blow it on getting my domain back from the hijacker you gave it to without asking me first". I would give the job to Microsoft before I'd willingly let Verisign have another crack at it, and that's not something I'd say lightly. If they built cars, people would have died in the Verisign Pinto. They're the New Coke of networking, and I'd swear Terry Gilliam had a crystal ball and based "Brazil" around their bureaucracy.

It. Can't. Get. Worse. This is it. You're looking at it. The lowest common denominator is carrying the treasure. People hate them so much that they built entire alternative DNS hierarchies to fix the theoretical disasters that Verisign somehow managed to drag to life. I'd buy a SCO Linux license before I'd pay Verisign to register another domain.

As I posted to this same topic on technocrat...

[the_rajah]

yesterday.. "Verisign is right up there with MS and Intuit in my list of evil corporations. All the dealings I've had with Verisign / Network Solutions as a registrar have been nothing but a huge hassle. Please get someone who we can trust. I don't use them at all any more. Godaddy is a LOT less expensive and their telephone support is nothing short of wonderful. Disclaimer: I have no financial interest in Godaddy, but I do have some 90 domains happily registered with them.

"Do the Right Thing. It will gratify some people and astound the rest." - Mark Twain

Why is this still centralized?

[MrDomino]

I honestly find it hard to believe that a single entity can maintain control over such a large part of the Internet for so long a time; in the net's early days, a centralized domain registry might have been acceptable, being that it was a small thing and the overhead to implement anything more advanced would've outweighed the benefits. Now, though, with the Internet the size it is, I honestly think that something better needs to be in place: get rid of this central-domain-registry crap. Whoever's in charge of it--Verisign, Microsoft, even Google--is going to profiteer to some extent, simply because that is what companies do.

If you ask my opinion, a decentralized system would make much more sense here. Store addresses in a Kademlia network or something; allow anybody to register a domain name, and it'll propagate as it's accessed. With a PGP-like trust system implemented, there need not be a central registry anywhere. The only way to prevent abuse of such a large monopoly is to prevent any single entity from controlling it, and the only way to do that is to decentralize the process.

Re:Why is this still centralized?

[violent.ed]

Decentralization comes with its pros and cons. Amongst the feudal corps its in more of a "trustworthy" hand than in just anybody/everybodys.

when i hear "the only way to do that is to decentralize the process" i think of p2p.. sure its nice, it will live long & prosper. but its easy to taint.

"allow anybody to register a domain name, and it'll propagate as it's accessed." sorta reminds me of irc channels, sure you can reg it, but guess what. who the hell do you complain to when there are no IRCops to complain TO. which raises another point.

what happenes when it all becomes a big mess? where is the DIFINITIVE, AUTHORITIVE source for the "RIGHT" answer? and do you think that a 10, 5, 1 day old backup is enough to restore order to the chaos that would amass? do you know how many domains are registered/expire in 1 day? much less 1 hour? (man i hope you dont, at least for my point anyways hehe) i sure dont. can we say "sue"? can you tell me who to sue? then again, you have your homepage/business and then one day the dns gets tainted... now www.tobyshardware.com (not regg'ed btw) points to www.tubgirlmeetsgoatseman.net .. lets see you wiggle out of that one when your grandma (or DAUGHTER) goes to find out what new toys they can order.

which goes back to who do you shoot? i would say, in this case, yourself... because you voted on decentralizing the domain registry :P

Re:Why is this still centralized?

[MrDomino]

Amongst the feudal corps its in more of a "trustworthy" hand than in just anybody/everybodys.

So you're saying you'd rather have a group of complete strangers whose only motivation to protect your rights is to avoid getting in trouble control what websites go where than a group of your own self-selected, trusted friends (a la PGP)?

when i hear "the only way to do that is to decentralize the process" i think of p2p.. sure its nice, it will live long & prosper. but its easy to taint.

You're thinking of projects like Kazaa, I presume; those quite obviously are easy to manipulate and break, because they were designed with (poor|no) trust management system; any jackass can put whatever he wants on the network and it's given equal priority to everybody else's stuff (much, I might add, like the current domain registration scheme: you can register a domain, then completely ignore it, and it will still be held just as important as, say, slashdot.org in the system). In this hypothetical decentralized system, domains that are accessed regularly will propagate more through peoples' address books and be more reliable. One possible flaw that might be noticed here is that this would seem to suggest that only big sites would have stable domains; with a web of trust scheme in place, though, a site with a very small userbase who all trust each other can exist among that userbase indefinitely.

"allow anybody to register a domain name, and it'll propagate as it's accessed." sorta reminds me of irc channels, sure you can reg it, but guess what. who the hell do you complain to when there are no IRCops to complain TO.

I have no clue what you're asking here--probably because you never used a single question mark, but that's beside the point. Rephrase this in a way that makes some semblance of sense and I'll try to respond to it.

what happenes when it all becomes a big mess? where is the DIFINITIVE, AUTHORITIVE source for the "RIGHT" answer? and do you think that a 10, 5, 1 day old backup is enough to restore order to the chaos that would amass?

You're looking at it the wrong way; there will be no definitive, authoritative source, nor will there be a single "right" answer. The net will exist as a group of communities of trusted friends, meshing and interacting with each other dynamically; if a collision is produced between domain names, the one that is offered by the source you trust more will be used. In this way, community A, a group of gun nuts, can maintain that foo.com points to a site about the evils of gun control, while community B maintains that foo.com points to a site promoting gun regulation. Both communities can happily use the foo.com domain independently and both can achieve the results that they desire.

Re:Why is this still centralized?

The central registry you're thinking of is the ROOT SERVERS, which are controlled by a cabal, the same way they always were, just like Usenet. Anyone can create a set of root servers, but in practice just about everyone agrees on the same set, and that's the set your local DNS server has cached.

Verisign just controls a few non-ccTLDs, which would be irrelevant but for the fact that people like you can't distinguish them from the root, and so insist that they somehow represent the whole Internet, rather than merely a particularly cheap and tarwdry piece of it.

The ccTLD system is as de-centralised as anything could be, it's run by dozens of countries, via everything from private companies run in someone's back bedroom to huge government departments. You get your free TLD when you convince an ISO committee that you're a country, and not just a country but one significant enough that people might want to abbreviate it to just two characters. A few notable exceptions to this rule exist, particularly .uk, controlled by the UK government which was officially assigned .gb but prefers the more mnemonic alternative.

A brief observation of the UN in general session should convince you that even the medium-sized countries of the world can't agree on anything, and thus this de-centralized system is protected from any conceivable abuse. If the Russians and Americans gang up to ban bad language, or prohibit all mention of Viagra, you can go to the Chinese, or the Swiss, or the Australians, and plead your case to them. If Belgium is charging you too much for example.be, get a better deal from Finland for example.fi

Here's a concrete example. A regular Joe who bought donkeyhats.co.uk in 1997 would have been given a cryptographically secure DNS upgrade facility by the incumbent monopoly DNS provider to the UK government. Black hats wanting donkeyhats.co.uk would have to resort to complicated DNS-server shenanigans to wrest it away even temporarily, and Joe would never have needed to resort to court action to retain it. However if Joe had bought donkeyhats.com, run by Verisign, he'd have no choice but to constantly check that it hadn't been taken over by Black hats, because Verisign's security is totally laughable. In some crazy recognition of this Verisign invented a new policy not long ago - now they tell everyone that all domains are free for the taking, unless you set a "locked" flag which forces you to negotiate with your registrar if you ever need to change providers.

So what's crazy is not that Verisign are allowed to continue running .com, but that people still love .com so much that they'd rather waste a huge quantity of money for inferior service than choose any of the alternatives.

Re:Why is this still centralized?

[mrogers]

Two words: domain squatting. If names were free, what would stop someone from writing a script that generated and registered names as fast as their network connection would allow? If the system doesn't allow duplicates then a single squatter can register all trademarks and dictionary words in a matter of seconds; if duplicates are allowed then names are longer a convenient, reliable way of referring to a particular machine, and the system is worse than useless because of the possible abuses. Namespaces have to be centralised. True, it's dangerous to put infrastructural monopolies in the hands of a single company - the traditional solution is government regulation or even nationalisation. Maybe it's time to think about retiring the international TLDs like .com, .net and .org in favour of the national TLDs, which can be regulated in a more-or-less democratic way.

Not very insightful..

[beldraen]

First of all, there is more to domain names than just registering a name. You obviously believe in first come first serve, but the American economy is not a free economy. It has command elements to protect against fraudulent acts, malicious content, and trademark disputes. Secondly, a decentralized system only works on the merits of the people wanting it to work. Just look at Kazaa and the music war there. Most of the music is poisoned. Do we really want domain name wars when one hot-headed tech gets pissed at another group and decides to flood the DNS with garbage? Have you ever looked at the number of newsgroups that exist solely because some yucko wanted to have alt.vampire.bite.flonk.flonk.flonk? A decentralized system can easily accept additions, but they are often difficult to remove entities.

Originally, DNS was purely handled by your HOST file. The number of DNS entries is a non-trivial amount. It was centralized to help us out. After all, it is amazing that people do not charge for such a necessary service. Do not confuse in theory and in practice. In theory, the system is a good design. In practice, we have not put the political pressure to lawmakers to force DNS host to operate solely to RFCs. That is to where anger needs to be vented.

bill gates loves open source

[master0ne]

is it just me or is the headline to this story simmilar to saying "bill gates lovers open source, because he worked with steve jobs, who loves company x, who donated to company y, who pressed a law suite aganst sco, for alleged copyright infringment, because sco is suing linux users, who it claims stole their code."?

Re:NetSol

[cpghost]

Running the DNS isn't rocket science

Yes, indeed. The whole registry infrastructure could be put up together from open source components that already exist. The servers could be secured and managed just like every other servers. There's nothing at all magical about it.

The real challenge for a registry is not technical. It is a major administrative and legal undertaking. One person was able to manage the whole .za domain from their basement, but .com and .net are a little bit larger and a tad more volatile.

ohthankgod

[rs79]

1) Sitefinder: At the time NSI did this two doezen other cctlds did this. NSI's point was "hey, either we can all do it or nobody can". That doesn't seem unreasonable to me.

2) .net rebid: Have a look inside all the facilities that bid on .net and tell me you'd have picked someplace else. I dare you.

3) Location location location: Like the US govt was gonna let .net outside the the borders of the US. Good one.

Frankly I sleep a bit more easy about my 3 .net names now. (Hows that funky .org whois workin out for ya?)