VeriSign Wants Ability To Suspend Domains Without Court Order
GeorgeK writes "VeriSign, the monopoly registry operator for .com/.net domain names, has submitted a proposal to ICANN (PDF) describing an 'Anti-Abuse' policy. If allowed to proceed with such a policy, they would become judge, jury and executioner, with the ability to suspend or even cancel alleged 'abusive' domain names without due process for registrants. The proposal even recognizes that legitimate domain names may be taken down improperly, and offers a 'protest' procedure. However, VeriSign does not appear to offer any ability to protest an accusation of abuse before the suspension or cancellation. They intend to 'shoot first and ask questions later.'"
I'm sure they will offer a service where your domain is "Pre-Verified" and not subject to abuse takedowns... For $1,000 per year, of course.
The ______ Agenda
Don't forget to pay your $299.99 VeriSign Domain Protection Reactivation Fee, you cocksmoking teabaggers!
You just have to realise that Government and Corporations are actually the same thing, then your job becomes easier.
A DDoS or a petty "doxing" would be boring; but my schadenfreude lobe would be pulsating with happiness if their private signing key(s) were to make their merry way into the world.... Can you imagine the mayhem?
Well then, a reasonable compromise to limit the potential for collateral damage might be a rule that makes it impossible for them to suspend a domain that's been registered in good standing for more than a year without full due process, and provides a way to register a domain quickly, but subsequently complete a more exhaustive registration process that -- when completed -- immediately grants the domain the same protected status as one that's been around for more than a year.
That way, they can still nuke botnet command & control domains, but somebody whose domain has been around for more than a year (OR who has completed the more time-consuming registration procedure) could sleep at night knowing that Metaphorical Judge Dredd isn't allowed to touch THEIR domain. It wouldn't completely eliminate collateral damage, but it would eliminate the overwhelming majority of situations where a legitimate domain owner could suffer financial damage due to a careless or hasty employee somewhere.
How are we supposed to know which threat to focus on dammit!
Don't. Build the distributed replacement for DNS.
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
They intend to 'shoot first and ask questions later.'
This is helpful for potential malware/virus/etc sites - take it down NOW and address afterwards. As long as the ones taking the deactivation move witness it themselves, it's doable.
The problem comes with reports. Let's say you get 100 reports of a domain being a nasty one in a 5-minute period of time. You just *wham-bam* take that domain down without looking at it and you could have just been the worst link in a staged act chain.
I'm not trying to be an ass, but I'm posting what I witness daily: Everyone wants to save money, including big companies. If VeriSign were to have this ability (along with other TLD registrars), then they will likely want to automate everything they can. See paragraph 2 above.
Add in the fact that they'll probably start slipping forced arbitration clauses in their contracts like a lot of companies are doing and I can't see this going wrong at all.
You can be a monopoly. It's not illegal.
It's illegal to abuse monopoly status, though.
Paranoia is a Survival Trait!
Thanks for accepting the article. ICANN is still reviewing the proposal. If folks share my concerns, please do send them your comments by emailing registryservice@icann.org (from the top of ICANN's Registry Services Evaluation Process page). You can view comments by others here. EasyDNS has submitted their concerns too.
At a minimum, they should open up a formal 30 day public comment period that is widely advertised, in order that domain name registrants can be heard.
I was the network guy for a small ISP when Verisign introduced Site Finder. Believe me, at that point my boss and I decided it couldn't be worse if Satan was running those TLDs, and we weren't quite sure if it wasn't Satan running them.
The world's burning. Moped Jesus spotted on I50. Details at 11.
IIRC, ICANN/IANA tried to sue them out of business in the late 1990s when they partially screwed up DNS (replacing NXDOMAIN answers with their "domain finder" landing page). VeriSign won in the last second using legal tricks and soon made friends with similar minds in the US gov. Since then they grew rapidly and, what irony, went from rogue provider to "security provider" and even CA. Wikipedia has some very insightful articles about the "domain finder" affair.
Oh, the beautiful gloss of greality!
No it hasn't. You've just become more aware. You can trace deals like this at least as far back as the building of the railroads in the US. I believe that Britain has records of similar hijinks that go back to the middle ages. I'm sure other countries do too. They'd go back further, but corporations were invented during the middle ages. Before then, and even while they were developing, most of the slimy deals were made by individual wealthy people. Corporations didn't really become commonly dominant until after WWI, possibly as late as WWII. Before then the major problem was tycoons. And before them aristocrats.
None of them have ever been worth trusting as classes, though I'll admit that individual people were sometimes trustworthy. But that was unusual. Powerful organizations are not trustworthy. It's not money that corrupts, it's lack of consequences. You see it in corporations, you see it in politicians, you see it in police, you even see it in anonymous e-mail. It's pretty nearly universal. Some individual people avoid corruption. But it isn't what one should expect.
This is why control in civilization should be decentralized. So that people can't create for themselves "spheres of invulnerability". But this goes contrary to what everyone wants, because everyone wants a "safe space", where they can control what happens. This isn't a problem, unless that "safe space" infringes on other people.
P.S.: Anyone know a cell phone that has a white-list option? (I, too, want a safe space. A space where I can decide who is allowed to interrupt me.)
I think we've pushed this "anyone can grow up to be president" thing too far.
All true, and great for a time when Jon Postel was what it meant to run a registry. The RFCs didn't anticipate the kind of interference that NetSol is proposing.
There don't have to be namespace collisions, though. Why is it that Visa cards are all 4xxx, MasterCards are 5xxxx and Discover cards are all 6xxx? Couldn't Visa start issuing cards in the 5xxx range? Of course, but it's mutually beneficial for all of the players to interoperate. Nobody would trust a name service provider that was purposefully destructive (unless forced to through monopoly) so we would expect they'd operate in a trustworthy manner by default.
Also look at the world BGP routing table. It's all distributed, you have to earn trust to participate, and there are occasional mistakes. Even still, it lets me get these characters from here to wherever Slashdot's servers are, and has proven effective, even if there's room for improvement. Imagine if everybody had to go register their routes through a single route registrar and make changes on their website.
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)