ICANN Gives VeriSign 36 Hours to Pull Sitefinder

Froomkin writes "ICANN this morning announced that it sent VeriSign an ultimatum: pull sitefinder by tomorrow evening or we'll sue. Details and links to discussion of the contractual and legal issues in ICANN Throws Down the Gauntlet to VeriSign on Sitefinder at ICANNWatch." Update: 10/03 19:29 GMT by M : Verisign blinked.

Ummm...

[warpSpeed (67927)]

Go ICANN? Wow, now I am really confused... who are the good guys again?

Re:Ummm...

[WolfWithoutAClause (162946)]

who are the good guys again?

Neither. Rather, think of it like two gangs fighting over territory, in this case, control of DNS.

Re:For what it's worth...

[WolfWithoutAClause (162946)]

Yeah, well a lot of mail software relies on that, and one of the worst things about this is that Verisign is actually receiving a lot of mail that wasn't for them in the first place; they get to read, analyse and keep and it never, ever arrives where it was intended and doesn't bounce either.

Re:For what it's worth...

[Trepalium (109107)]

Yes, it does bounce, and (currently) the body of the message never makes it to verisign. The broken MTA running on sitefinder rejects any and all recipients with a 550 error. However, Verisign can change this at any time, so it's not exactly conforting (but it's still no reason to state things that aren't currently true). One thing you CAN complain about is it increases the amount of traffic to successfully bounce an e-mail. Verisign could also use it to harvest email addresses if they ever wanted to break into the spamming business (wouldn't put it past them).

220 sitefinder.verisign.com VeriSign mail rejector (Postfix)
HELO dsnjkas
250 OK
MAIL FROM: <sdnjkas@com.com>
250 Ok
RCPT TO: <sdnjkasd@sdnfjkasd.com>
550 <unknown[xxx.xxx.xxx.xxx]>: Client host rejected: The domain you are trying to send mail to does not exist.

Re:Sitefinder rejects mail

[Russ Steffen (263)]

I don't know if it's changed, but when Sitefinder first went up the smtp daemon was bouncing the mail after accepting the entire message. You'd get a bounce but they (could) have a copy of the mail.

Re:For what it's worth...

[interiot (50685)]

This has been covered thousands of times before. Quick summary:

• wacky DNS when using WWW/HTTP: some could argue it's useful
• wacky DNS when taking into account everything else: several examples of protocols that break.

Re:For what it's worth...

[cryptochrome (303529)]

That's the trouble with protocols... once they're set good luck ever getting rid of them.

The $64,000 question is, can the domain not found response be modified at all without breaking the protocol? For instance, to have older programs recognize the error, but next generation programs (web browsers mainly) be able to return useful information like possible alternatives? This would allow for smarter, more functional programs without breaking legacy apps.

Re:For what it's worth...

[Ian Bicking (980)]

Sure, browsers could recognize the DNS-not-found, and redirect to www.whatever.com?domain=www.doesnotexist.com

They already kind of do this, trying different combinations of appending .com, prepending www., and that could be expanded into a wider search. Invalid domains can be turned into search terms.

This is a UI issue, not a protocol issue. It can best solved in the UI, i.e., in the browser. And the browsers, while not always acting in good faith, have done exactly this.

Re:For what it's worth...

[bheerssen (534014)]

It's neither. It's a DNS issue. Full stop.

Here, have a loot at the IAB's point of view [iab.org]. They make a powerful case against the use of wildcarding in top level zones. The big thing is that it breaks a whole lot of protocols. HTTP isn't really that big a deal. ISPs could easily handle that in their DNS systems. Currently there are so many public and private protocols being used that nobody, not even Verisign, can properly provide for them using a wildcarding sytem, yet that is what Verisign is actually doing. And they are doing it very badly.

It increases network traffic, incurring more cost to ISPs and consumers. It makes it very difficult to present proper error codes for protocols that Verisign did not anticipate such as IRC. It breaks old protocols for which clients are not being developed but still provide a valuable function. For protocols that are still supported, it incurs higher costs for those users since the developers will need to update their software. There are so many problems with wildcarding that even the IAB gave up listing them after a dozen or so.

Re:For what it's worth...

[zcat_NZ (267672)]

You mean like how Mozilla -used to- do a google search for me if the domain didn't exist?

That's something I specifically wanted, and configured Mozilla to do. Google is rather good at guessing what I wanted when I mistype stuff.

And it's a feature that VeriSlime have now broken for me. Sitefinder is almost completely useless at guessing my typos, and the only way to get the old behaviour back is patching DNS to return NXDOMAIN like it used to.

Many ISP's in New Zealand are already running a patched DNS that ignores VeriSlime. My current ISP is one of them, but I still keep seeing sitefinder in places like the ODP editor.

Hell, that brings up another point. The ODP editor interface has various tools for checking that sites still exist, so that editors don't have to go through the tedious task of checking them all periodically. Guess how SiteSquatter affects those tools?

Re:For what it's worth...

[lightspawn (155347)]

The $64,000 question is, can the domain not found response be modified at all without breaking the protocol? For instance, to have older programs recognize the error, but next generation programs (web browsers mainly) be able to return useful information like possible alternatives?

There is NO NEED to ABUSE the DNS PROTOCOL. If you feel an APPLICATION needs to behave a certain way when an NXDOMAIN response is appropriate, rewrite the application to do that.

LOOK:

Browser/options/network (or something):

When server does not exist
[.] Display modal error message
[.] Display non-modal error message
[X] Redirect to:
[.] Domain search site A
[.] Domain search site B
[.] Domain search site C
[X] Custom search:
[ http://www.indiesearchguys.net?host=%h ]

Hey, I added value to one application without BREAKING ANYTHING ELSE! I must be some kind of GENIUS in the field of the OBVIOUS!

But that's just it..

[mindstrm (20013)]

You are SUPPOSED to be able to count on getting "DOMAIN NOT FOUND" errors.... DNS isn't google.. it's a precise, distributed database, that has served us well so far.

I have been hit by this problem already, where typos went unnoticed in scripts because a connection was made, and html returned.
I've had mail problems as well, where secondary MX was never tried, because of verisign's new trick.

It's handy for when you mistype.. unfortuntaely, looking up web pages is just one of many uses for the DNS.... and not at all what it was intended for.

ICANN

[Lehk228 (705449)]

It's good to know that ICANN has at least a little backbone left. I for one welcome our ICANN overlords

Princess Server

[niko9 (315647)]

My name is ICCANa MOntoya, you killa my DNS, prepare to die!

More like...

[SonicBurst (546373)]

...my name is ICCANa SUEya, you killa my DNS, prepare to die penniless!

No More Crap

[ELCarlsson (570500)]

I think ICANN should basically tell VeriSign, "If you pull this crap again you're through." VeriSign doesn't deserve to be in the position they are in, IMO. This pretty much proves it.

Now we wait and see...

[NivenHuH (579871)]

What will happen when VeriSign doesn't do anything tomorrow? Is this just another "scare tactic"?

The answer is obvious

[r_j_prahad (309298)]

What will happen when VeriSign doesn't do anything tomorrow?

SCO will pull their UNIX licenses.

Re:The answer is obvious

[SillySlashdotName (466702)]

-1, Made Me Spew Mountain Dew Out My Nose

(damn, wish I had mod points...)

Re:Now we wait and see...

[EricTheGreen (223110)]

IANAL, but this would most likely be the scenario:

1. ICANN presents a tort complaint to the Federal bench after the deadline, claiming breach of contract, per the language in their letter. They could start with a local one, but there would be immediate issues regarding diversity of jursidiction, so they'd probably best just start with the Feds
   
2. They also request an expedited decision on the issue (unlikely) and/or an immediate injunction granting relief of the breach, pending delayed decision.
   
3. If the judge is so inclined, requested injunction is granted, with Verisign enjoined to restore the pre 9/15 operational environment "with all due speed".
   
4. Verisign hopefully complies, but I'd expect lots of legal wrangling, covering every base from "claim lacks merit on it's face" through "court does not have appropriate jurisdiction", probably an appeal or two, although I think the only level up from Federal would be the Supreme Court. Whether they'd grant the appropriate writ of certiorari to hear the appeal would be questionable, but that's my opinion, not a legal one.
   
5. Assuming Verisign's legal tactics fail them, they're under legal requirement to comply. Failure to comply, in the court's view, would be a serious mistake with potentially significant consequences for the Verisign officers. Operational question here would be what constitutes "all due speed" in applying a remedy.
   

Stay tuned folks, some interesting viewing coming up regarding this.

Re:Now we wait and see...

[Sangui5 (12317)]

although I think the only level up from Federal would be the Supreme Court

There is a Federal Appeals Circuit between the usual federal courts and the Supremes. If Verisign is so inclined, the appeals court would probably take their complaint under consideration, but would (probably) get back within a day or so saying "no". In general, appeals courts don't like to deal with temporary things. Verisign can still use such a strategy to buy a little time, but it's really only enough for them to figure out a way to buy yet more time.

The Message

[beldraen (94534)]

3 October 2003

Via E-mail and U.S. Mail

Russell Lewis
Executive Vice President, General Manager
VeriSign Naming and Directory Services
21345 Ridgetop Circle LS2-3-2
Dulles, VA 20166-6503

Re: Deployment of SiteFinder Service

Dear Rusty:

This letter is further to the advisory posted by ICANN on 19 September 2003 regarding the changes to the operation of the .com and .net Top Level Domains announced by VeriSign on 15 September 2003, and in response to your letter of 21 September 2003. These changes involved the introduction (for the first time in the .com and .net domains) of a so-called "wildcard" mechanism that changes the expected error response for Internet traffic that would otherwise have resulted in a "no domain" response, and redirects that traffic to a VeriSign-operated webpage with links to alternative choices and to a search engine.

Because of numerous indications that these unannounced changes have had very significant impacts on a wide range of Internet users and applications, ICANN on 19 September 2003 asked VeriSign to voluntarily suspend these changes, and return to the previous behavior of .com and .net, until more information could be gathered on the impact of these changes. On 21 September 2003, VeriSign refused to honor that request. In the time since then, ICANN has had further opportunity to consider the technical and practical consequences of these changes, and to evaluate whether these unilateral actions by VeriSign were consistent with its contractual obligations to ICANN.

Based on the information currently available to us, it appears that these changes have had a substantial adverse effect on the core operation of the DNS, on the stability of the Internet, and on the relevant domains, and may have additional adverse effects in the future. These effects appear to be significant, including effects on web browsing, certain email services and applications, sequenced lookup services and a pervasive problem of incompatibility with other established protocols. In addition, the responses of various persons and entities to the changes made by VeriSign may themselves adversely affect the continued effective functioning of the Internet, the DNS and the .com and .net domains. Under these circumstances, the only prudent course of action consistent with ICANN's coordination mission is to insist that VeriSign suspend these changes pending further evaluation and study, including (but certainly not limited to) the public meeting already scheduled by ICANN's Security and Stability Advisory Committee on 7 October in Washington, D.C.

In addition, our review of the .com and .net registry agreements between ICANN and VeriSign leads us to the conclusion that VeriSign's unilateral and unannounced changes to the operation of the .com and .net Top Level Domains are not consistent with material provisions of both agreements. These inconsistencies include violation of the Code of Conduct and equal access provisions, failure to comply with the obligation to act as a neutral registry service provider, failure to comply with the Registry Registrar Protocol, failure to comply with domain registration provisions, and provision of an unauthorized Registry Service. These inconsistencies with VeriSign's obligations under the .com and .net registry agreements are additional reasons why the changes in question must be suspended pending further evaluation and discussion between ICANN and VeriSign.

Given these conclusions, please consider this a formal demand to return the operation of the .com and .net domains to their state before the 15 September changes, pending further technical, operational and legal evaluation. A failure to comply with this demand will require ICANN

Re:The Message

[PhrackCreak (136718)]

This letter is further to the advisory posted by ICANN on 19 September 2003 regarding the changes to the operation of the .com and .net Top Level Domains announced by VeriSign on 15 September 2003, and in response to your letter of 21 September 2003.

No wonder Verisign didn't respond, September 19th is talk like a pirate day [talklikeapirate.com]. I'm pretty sure ICANN didn't send a message with 'avast ye scurvy dogs! ye shanghi'd the entire high seas and should be keel hauled like dirty traitorous bilge rats!'

Nice

[ruiner13 (527499)]

"If VeriSign does not comply with this demand by 6:00 PM PDT on 4 October 2003, ICANN will be forced to take the steps necessary to enforce VeriSign's contractual obligations."

I'd be interested to see what those obligations were. If it is as bad as that sounds, I wonder if VeriSign could lose their Registrar priviledges as a result. This could have huge implications, and could help small(er) registrars get a leg up (finally) in the .com and .net domains. I guess only time will tell.

Re:Nice

[Col. Klink (retired) (11632)]

I'd be interested to see what those obligations were.

Read the entire letter, not just the last sentence:

These inconsistencies include violation of the Code of Conduct and equal access provisions, failure to comply with the obligation to act as a neutral registry service provider, failure to comply with the Registry Registrar Protocol, failure to comply with domain registration provisions, and provision of an unauthorized Registry Service.

Re:Nice

[__past__ (542467)]

You have to remember what allows verisign todo wildcarding, the fact that they still manage the root servers.

They only operate A and J, leaving 11 others. Although it would cause some hassle if they were to move somewhere else away from Verisign (somewhere outside the US would be a good idea...), it isn't as if the net would immediatly implode if Verisign would try do play dirty.

And anyway, why did they need root servers for that stunt? They didn't wildcard ".", after all.

Ya gotta read the article ...

[nbvb (32836)]

To quote:

If, during this period, further technical and operational evaluations of the changes made by VeriSign on 15 September indicate that those measures can be reinstated, or reinstated with modifications, without adverse effects, I will initiate the process to modify the .com and .net agreements to allow those changes to take place. We will use best efforts to complete these evaluations in a timely manner.

So, basically, if I read this right ..

ICANN doesn't per se have a problem with the Sitefinder service, but rather, the manner in which VeriSign implemented it?

Ugh.

So basically, they're asking VeriSign to stop until they can take a look at it, give it a green light, and rubber-stamp it .....

Re:Ya gotta read the article ...

[SheldonYoung (25077)]

ICANN is saying that if VeriSign can prove Sitefinder doesn't have any negative impacts then it can be reinstated and they'll be glad to help. However, paragraphs 3 and 4 in the linked letter make it clear it would be an extremely unlikely event.

Re:Ya gotta read the article ...

[cdrudge (68377)]

At the begining of the letter, it says:

Because of numerous indications that these unannounced changes have had very significant impacts on a wide range of Internet users and applications, ICANN on 19 September 2003 asked VeriSign to voluntarily suspend these changes, and return to the previous behavior of .com and .net, until more information could be gathered on the impact of these changes. On 21 September 2003, VeriSign refused to honor that request. In the time since then, ICANN has had further opportunity to consider the technical and practical consequences of these changes, and to evaluate whether these unilateral actions by VeriSign were consistent with its contractual obligations to ICANN.

Based on the information currently available to us, it appears that these changes have had a substantial adverse effect on the core operation of the DNS, on the stability of the Internet, and on the relevant domains, and may have additional adverse effects in the future. These effects appear to be significant, including effects on web browsing, certain email services and applications, sequenced lookup services and a pervasive problem of incompatibility with other established protocols. In addition, the responses of various persons and entities to the changes made by VeriSign may themselves adversely affect the continued effective functioning of the Internet, the DNS and the .com and .net domains. Under these circumstances, the only prudent course of action consistent with ICANN's coordination mission is to insist that VeriSign suspend these changes pending further evaluation and study, including (but certainly not limited to) the public meeting already scheduled by ICANN's Security and Stability Advisory Committee on 7 October in Washington, D.C.

You also should have finished your quote with the next paragraph:

If, on the other hand, these ongoing evaluations confirm the claimed adverse effects on the Internet, the DNS or the .com and .net domains that have been publicized to date, or raise new concerns of that type, those concerns will have to be resolved prior to any reintroduction of these changes. If any such concerns cannot be resolved, and VeriSign continues to seek to implement the service, it will be necessary to make recourse to the dispute resolution provisions of the two agreements.

I think that ICANN is handling this excellently. Bascially ICANN first requested that VS stop...which VS didn't. Since several weeks have passed and it has become clear as to how many things VS action has broken, ICANN is now demanding that the cease. Think of it as a temporary injunction.

ICANN is not permanently banning them from doing the wildcard, but rather demanding that they stop until everyone can get to gether and examine the real impact. After that examination, then they will make the final determination on what to do. They aren't just flat out saying what to do without listening to things.

Internet governance failures

[Pac (9516)]

ICANN shouldn't have to sue anyone over a technical aspect of the Internet. They should have the tools to simply tell Verisign to do it and have it done quickly. And they should also have the means to simply cut Verisign out of the loop if push comes to shove (and let Verisign sue if they are unhappy).

Mabye, but...

[StringBlade (557322)]

If you give ICANN the power to create and implement the law without the need to use lawsuits, then you're effectively loading the gun with which to shoot yourself in the foot!

What happens when ICANN fully realizes this power and makes changes to the obligated behavior of TLDs and uses their power to force change that may not be in the best interest of everyone concerned (read: ISPs and end users).

Of all the lawsuits flying around this year, this one is actually valid and should occur with extreme prejudice.

Re:Internet governance failures

[stonecypher (118140)]

ICANN shouldn't have to sue anyone over a technical aspect of the Internet. They should have the tools to simply tell Verisign to do it and have it done quickly.

They are not suing. They are, in fact, leveraging their contract - their tool - and telling verisign to get it done and have it done quickly. Specifically, 36 hours. The thing about the business world is that if they didn't make sure that they were on strong grounds, if they demanded the service be taken down and then got sued, then they'd be indemnable for whatever money verisign made up that they lost on absent sitefinder service.

ICANN is doing the right thing, in fact the very thing that we're angry that VeriSign didn't do: they're checking that their actions are correct before undertaking them. ICANN has a responsibility to be proper and careful, rather than just running around swinging its arms like a bully (which some would say that it has done in the past.)

Look, you can't please everybody: if you do it fast people will say you didn't plan, and if you plan people will say you didn't do it fast enough. Don't you think it best that they do this in the way that's most difficult for VeriSign to prevent?

It's difficult to be the good guy.

And they should also have the means to simply cut Verisign out of the loop

As has been pointed out, they have implied that they will do just that in about 36 hours if their demands aren't met. As other /.ers have pointed out, they can just instruct the root servers to route around the damage.

(Of course, nobody seems to be pointing out that there's going to be the demand for some tremendous bandwidth and heavy servers pretty on-the-spot if they choose to do that. I find myself wondering which company will attempt to step up to the bat and steal the gold ring, if VeriSign fucks this up.)

Penalties

[bobthemuse (574400)]

So what exactly is ICANN going to do if they do not comply? The threat of legal action doesn't mean too much, as it can take years to resolve and based on the legal system's understanding of current technology, the outcome is completely up in the air.

Could ICANN actually transfer everything to another company? How long would this take? Is anybody set up to handle this? Think of all the little registrars which exist today, would this be a huge job?

worth reading

[sootman (158191)]

As much as I want them to stop, this response [ambler.net] makes a lot of sense, unfortunately: "So the key question now is, 'what will Verisign do?'... My gut reaction is to guess that they're not going to comply. Why should they? They're making mumble-mumble dollars per day on this 'feature,' which is multiples of what it will cost them to fight ICANN's demand, even if it goes to court. Every day that they drag it out is money in the bank... I predict that Verisign will very politely decline ICANN's "request," and state that the issue requires more study before coming to a conclusion. Much like any controversial aspect of ICANN's operation needs 'more study' before moving forward. It's worked in the past; I suspect it'll work now."

It's FRAUD

[by Anonymous Coward]

Anyone noticed what they're using to redirect people who go to www.sldkfjdsdlkfgjsdlkjf.com [sldkfjdsdlkfgjsdlkjf.com]? They use an HTTP 302 code. Ever looked that up? http://www.w3.org/Protocols/rfc2616/rfc2616-sec10. html [w3.org]:

10.3.3 302 Found

The requested resource resides temporarily under a different URI. Since the redirection might be altered on occasion, the client SHOULD continue to use the Request-URI for future requests. This response is only cacheable if indicated by a Cache-Control or Expires header field.

When you say HTTP/302, you're saying the resource they're looking for exists somewhere else, in this case sitefinder.verisign.com. That is a lie. It is a gigantic, automated lie perpetrated automatically on the entire world. It's a class action suit waiting to happen.

wget www.ssdlfkjsdf.com

--04:51:57-- http://www.ssdlfkjsdf.com/
=> `index.html'
Resolving www.ssdlfkjsdf.com... done.
Connecting to www.ssdlfkjsdf.com[64.94.110.11]:80... connected.
HTTP request sent, awaiting response... 302 Found
Location: http://sitefinder.verisign.com/lpc?url=www.ssdlfkj sdf.com&host=www.ssdlfkjsdf.com [following]

LIARS
It's fraud.

Verisign: The next SCO

[linuxbikr (699873)]

Looks like Verisign is becoming the SCO of the DNS world...

Verisign received trusteeship of the COM and NET TLDs by ICANN, the government and the rest of the Internet standards bodies. They are free to promote the domains but are obligated to act in a neutral fashion and keep the DNS running. They are required to act as a neutral third-party with regard to providing a network service much in the same way it did when DNS was run as a government funded, non-profit organization (InterNIC).

ICANN's pissed and rightly so. The average Internet user has no idea how the net really works with regard to DNS. To them, www.google.com is the Internet. To the techies, we know the names are just thin veneers over the IP addresses that really control and make things happen. Until this affects the average user, only the geeks and techies of the world will care about this.

Verisign has gone and broken THE CORE PROTOCOL of what makes the Internet work! Without DNS, we would have to use and memorize IP addresses. DNS is supposed to work by returned an answer as to whether or not a name is mapped to an IP address and provide that address.

By building SiteFinder, they have waived their right as a neutral third party and are now trying to co-opt the largest domain registries in the world for their own personal profit and use. In doing so, they have also broken the software contract between DNS and its users. They've changed the interface that people expect to work a certain and broken or severely damaged the functionality of software around the world. When mail servers can't figure out if an e-mail is forged or not, it's only going to be a matter of time before the spammers clue in and increase bandwidth usage across the board until things change.

What Verisign fails to acknowledge is that registry is not theirs to do that with. It was paid for by taxpayer dollars and grants over many years from countless communities and can be considered a public utility. There cannot be preferential treatment in this. Or they can claim that the COM/NET TLDs are their intellectual property and they can do with it as they please. They want to do that? Fine, they can push for a new TLD to be added to the hierarchy for private use which they can manage. Turn over COM/NET to a neutral non-profit and let them run it as a public trust.

Revoke Not Sue

[toupsie (88295)]

Verisign should have its right to manage the .com, .net and .org TLDs revoked permanently. No ands, ifs or buts. They have stepped over the line. They have had the opportunity to down sitefinder weeks ago and they thumbed their nose at all of us.

If I Recall Correctly...

[StringBlade (557322)]

they did lose the .org management already. It's just .com and .net now.

Conflict of interests

[iamacat (583406)]

Network solutions shouldn't have been allowed to get into any business besides selling domain names and providing DNS. Anything else (like selling ads on their sitefinder) and there is a risk they will do something to DNS to promote their other products rather than improve usability (as they did). They shouldn't even be allowed to send unlimited e-mails to domain name owners.

TLD registrars and DNS providers should be small companies, run by people who are content to do a job and make a small profit, but not have unlimited freedom/growth potential of a private company that doesn't provide any exclusive service to the public.

I hope ICANN moves in that direction right away and not even bother with separate lawsuits for various small points.

Typical

[lightspawn (155347)]

Just 2 days after I finally get Cox Communications to install the DNS patch...

Couldn't ICANN have let me stay a hero for just a few more days?

They are so polite!

[khendron (225184)]

To paraphrase a little

Dear Rusty,

Blah blah blah ...

Do it or it your ass!

Best Regards

Paul

It's like watching two Englishmen having a civilized cup of tea while trading insults.

Verisign broke archive.org

[Animats (122034)]

Archive.org will no longer return pages from sites whose domain is not assigned. The problem is that archive.org checks the current "robots.txt" file for the site, and will obey it. Verisign's tampering causes archive.org to read "http://sitefinder.verisign.com/robots.txt", which reads

• User-agent: *
• 
  Disallow: /

thus causing archive.org to reject all requests for old sites.

Verisign relents

[kindbud (90044)]

VeriSign Will Temporarily Suspend Web Navigation Service in Order to Continue To Work With Internet Community Towards a Long-Term Implementation [yahoo.com]

Good for them. Even better for us.

It's a press release from VRSN, so naturally it is full of half-truths and lies, but the bottom line is that they are getting in line. I doubt SiteFinder or wildcards will be resurrected after this debacle.

Re:Verisign relents

[Nintendork (411169)]

"During the more than two weeks that Site Finder has been operational, there is no data to indicate that the core operation of the Domain Name System or stability of the Internet has been adversely affected. ICANN is using anecdotal and isolated issues to attempt to regulate non-registry services, but in the interests of further working with the technical community we will temporarily suspend Site Finder."

WTF is this bastard smoking? If I ever run into this guy on the streets, I'm going to shove a pineapple up his ass and say that there's no data to indicate that he's going to have trouble pooping.

-Lucas

Re:Verisign Sucks

[Iphtashu Fitz (263795)]

Verisign sucks. Does anyone use them anymore?

Do you ever visit a domain with .com or .net TLD? If so then you use Verisign yourself. You're relying on the root DNS servers that they manage.

Transcription from the ultimatum

[muyuubyou (621373)]

You have 36 hours to pull sitefinder or we will bring in the Mallard Ducks.

Re:Transcription from the ultimatum

[the_consumer (547060)]

Congradulations. First necro-homo-mallard troll. Well done.

Re:Verisign Sucks

[Broodje (646341)]

I do, because when I signed up it was 'Network Solutions' and back then it was a breeze doing business with that company. Now, though, is a different story. I get spammed by them, I get the run-around if I want to tranfer my domain name, and I now have a horrible customer web interface I *have* to use since calling them on the phone gives me an unintelligent and impatient customer service. I can't risk losing the domain name because of some bureaucratic "limbo" caused by Verisign's inability to do their job. I get to try to transfer my domain to another registrar this december. Let's hope I get lucky and it happens smoothly.

Do I use them? Yes, unfortunately I do at the moment.

Re:Verisign Sucks

[JayBlalock (635935)]

Which rather illustrates one of the big problems with our stock system at the moment. Most tech investors DON'T follow tech headlines, and some (I suspect) intentionally ignore them. So Company X (be it Verisign or Microsoft or SCO or whoever) does something massively illegal\immoral\just plain stupid, but issues some glowing release about how they've just implemented a move to double their revenue, or eliminate a threat to their company. The Investors buy it, and buy their stock, thus reinforcing their behavior. Thanks to the crawling state of our civil justice system, it's years before any actual reprocussions from the act come back, so in the meantime the investors (and the CEOs and other with loads of stock options) profit, and can get out of the game before the hammer falls.

No, I don't have a solution. Just pointing out that this is just a symptom of a larger problem.

Re:The big question is

[dissy (172727)]

> What if Verisign ignores this just like they ignored everything else? They are
> in a position to seariously mess up the DNS system.

ICANN can always instruct the root DNS servers to point elsewhere for com. and net. instead of verisigns gTLD servers. That would effectivly remove verisign from the game totally.

At this point verisign is legally bound to hand over their database of customer info so that the new registrar can pickup where they left off, and verisign would be held accountable for all damages caused if they dont (Which would easily be in the tens of millions a day)

ICANN being the primary board, if anyone at verisign said 'no' they most likely would be held personally accountable.
Its like if the admin of a company gets put on another project and refuses to give his boss the root passwords. He will be personally held responsible. And one way or another, the problem will get fixed.