Forgot your password?
typodupeerror
The Courts Government The Internet News

Verisign Sues ICANN Over SiteFinder 395

Posted by CowboyNeal
from the permission-to-redirect-web-users-please dept.
camusflage writes "Yahoo's running a story about VeriSign suing ICANN for holding up Sitefinder. Choice quote from VeriSign: 'This brazen attempt by ICANN to assume 'regulatory power' over VeriSign's business is a serious abuse of ICANN's technical coordination function.'"
This discussion has been archived. No new comments can be posted.

Verisign Sues ICANN Over SiteFinder

Comments Filter:
  • by Adam9 (93947) on Thursday February 26, 2004 @07:38PM (#8402970) Journal
    In Corporate America, Verisign sues ICANN!
  • :rolleyes: (Score:5, Insightful)

    by tehdely (690619) * on Thursday February 26, 2004 @07:38PM (#8402973) Journal

    The Internet Corporation for Assigned Names and Numbers has no authority to prevent VeriSign from rolling out a search engine for users who mistype Internet addressees, VeriSign said, as well as another feature that allows users to sign up for a waiting list for desirable domain names.


    Nice and misleading explanation right there. We're talking about a 'search engine' that impacts any internet application querying a non-existent domain. Once again, the "THE INTERNET IS ONLY THE WEB" mindset that low-grade tech journalism seems to be stuck in is preventing people from realizing the destructive nature of something as profound as adding a wildcard to major TLDs.


    "This brazen attempt by ICANN (news - web sites) to assume 'regulatory power' over VeriSign's business is a serious abuse of ICANN's technical coordination function," said VeriSign in the suit, which was filed in U.S. court in Los Angeles.


    Errmm... Last I checked, regulating internet infrastructure with regards to assigned names and numbers is ICANN's job. Anything less than a "brazen attempt" and they would be failing at enforcing the RFCs and other regulations they've been entrusted to enforce. Since when do Verisign's business interests trump this?


    Though ICANN restructured itself to operate more efficiently last year, a VeriSign official said the group was still too cumbersome.

    "Working the ICANN process is like being nibbled to death by ducks," said Tom Galvin, VeriSign's vice president for government relations. "It takes forever, it doesn't make sense, and in the end we're still dead in the water."


    At least they respond to complains with action, instead of stonewalling anyone who disagrees with them, as Verisign so eagerly did when the SiteFinder controversy first broke.

    Screw Verisign. I've seen plenty of companies with brazen, my-way-or-the-highway attitudes, but this one is entrusted with managing a major international public resource, and have been caught with their pants down abusing that trust. To whine like this is a sign of just how out of step Verisign really is. Frankly, they deserve to have all authority over the root servers taken away from them before they do more harm in their quest for profits.
    • Re::rolleyes: (Score:5, Interesting)

      by Quasar1999 (520073) on Thursday February 26, 2004 @07:42PM (#8403023) Journal
      I agree with your views... However, I would suggest we simply get rid of verisign, ICANN, and every other company that can hold the internet hostage. I don't have a good replacement strategy in mind yet, but there's got to be a solution that doesn't leave a single company holding all the cards. Distributed administration of the internet? Is that possible? I don't know, I'm not a network theorist (or whatever the official title for that would be.)... anyone care to explain why we have a single entity in charge?
      • Re::rolleyes: (Score:5, Informative)

        by gclef (96311) on Thursday February 26, 2004 @08:01PM (#8403205)
        1) Public IP addresses must be globally unique. If they weren't, routing traffic would be effectively impossible

        2) Public DNS names must be globally unique. This one isn't nearly as obvious as addressing, but it's still clear once you think about it, and is even enshrined into one of the RFC's on the subject.

        Given that we require uniqueness, someone has to manage the systems to check that uniqueness and dole out addresses (both IP and names). That task fell to ICANN, who have since sub-contracted that work out to other entities. But still, someone has to run the central database, or there'd be chaos.
        • Re::rolleyes: (Score:5, Informative)

          by Paul Jakma (2677) <paul+slashdot@jakma.org> on Thursday February 26, 2004 @10:24PM (#8404300) Homepage Journal
          1) Public IP addresses must be globally unique. If they weren't, routing traffic would be effectively impossible

          Incorrect. Addresses need not be unique at all,

          Indeed one can make very good use of non-unique addresses. Quite a few of the IP addresses for the root DNS servers (eg those operated by ISC) are assigned to multiple different computers, diversely located geographically. Go google for "anycast". The 6to4 relay service also uses a public, non-unique address (ie anycast) for the 6to4 gateway.

          Any stateless network service can be deployed using anycast addresses.
          • Re::rolleyes: (Score:4, Informative)

            by Timothy Brownawell (627747) <tbrownaw@prjek.net> on Friday February 27, 2004 @01:21AM (#8405509) Homepage Journal
            1) Public IP addresses must be globally unique. If they weren't, routing traffic would be effectively impossible

            Incorrect. Addresses need not be unique at all,

            Indeed one can make very good use of non-unique addresses. Quite a few of the IP addresses for the root DNS servers (eg those operated by ISC) are assigned to multiple different computers, diversely located geographically. Go google for "anycast". The 6to4 relay service also uses a public, non-unique address (ie anycast) for the 6to4 gateway.

            Any stateless network service can be deployed using anycast addresses.

            But everything at that specific address is seen as effectively one server. Addresses don't need to be distinct per physical machine, they need to be distinct per logical server. Two different servers (probably owned by different people) having the same address wouldn't work too well, how would you say which one you wanted to talk to?

            Tim

            • Re::rolleyes: (Score:4, Informative)

              by Paul Jakma (2677) <paul+slashdot@jakma.org> on Friday February 27, 2004 @01:50AM (#8405664) Homepage Journal
              Addresses don't need to be distinct per physical machine, they need to be distinct per logical server.

              Define a logical server? Providing a unique and coherent service? No, that isnt needed. You could use anycast for anything such that you are directed to the topologically closest host. (where "topologically closest" is defined by routing). Eg, you could setup an anycast address for "PGP public key server", or "web proxy" or "SMTP server", etc. Indeed, let me clarify my remark on statelessness - it is easiest to use anycast for stateless services, however one could use them for stateful services too, provided one had control over the stability of the topology. (eg a corporate, geographically diverse network, where topology changes were infrequent, could use anycast addresses to direct mobile users to the closest host providing a service).

              Two different servers (probably owned by different people) having the same address wouldn't work too well, how would you say which one you wanted to talk to?

              You dont, that's the entire point of anycast. Instead the routing domain picks the best host for you.
      • Re::rolleyes: (Score:4, Informative)

        by Charlotte (16886) on Thursday February 26, 2004 @09:03PM (#8403713)
        When you lookup slashdot.org you are looking up 'slashdot' inside the 'org' domain. To do that you need to know who knows about 'org'

        Every domain name server has a list of root IP addresses, this is where he can find the ip address of the server that knows about 'org' and other domains.

        The servers in that small list get a lot of traffic. Some are owned by the US military, other are owned by universities, etc. It's undoable for most for-profit organisations to fund such a machine (typically mainframes are used) or even its internet connection.

        We do need a central authority to regulate the IP address ranges and adherence to RFCs such as the one in question here (DNS) that form the back bone of the internet, at least until we have something better.

        In this case the ICANN has done its job, thankfully. Perhaps it's not a completely lost cause after all.
    • by OzPhIsH (560038) on Thursday February 26, 2004 @08:10PM (#8403278) Journal
      "Working the ICANN process is like being nibbled to death by ducks," said Tom Galvin, VeriSign's vice president for government relations. "It takes forever, it doesn't make sense, and in the end we're still dead in the water."

      I wonder if Tom Galvin and Darl spend late nights together working on clever metaphors to use in press releases related to their lawsuits...
    • Re::rolleyes: (Score:5, Informative)

      by mysticalreaper (93971) on Thursday February 26, 2004 @08:31PM (#8403430)
      Frankly, they deserve to have all authority over the root servers taken away from them before they do more harm in their quest for profits.

      Your comment is otherwise excellent, but this line deserves correction. Verisign does *not* have control over the root servers*. ICANN does. This is an important distinction because control over the root servers is what gives ICANN it's authority. What Versign DOES control are the so-called 'GTLD' servers, which serve the .com and .net zones. (and the .org zone, once upon a time) And it's on those zones they are acting unilaterally. Sitefinder, when it was active, only worked on non-existant .com and .net hostnames, no others

      *footnote: Verisign does, however, operate 2 of the root servers, A and J. In fact, Verisign operates them quite well, and in co-operation with the other root-server operators. But all root servers have the same data, provided by ICANN. The list of root servers (and who operates them) can be found here [root-servers.org].
      • by meshmar (11818) on Thursday February 26, 2004 @10:42PM (#8404472) Homepage
        Effectively Verisign has pointed an infinite number of url's at their ip block ... therefore they should owe someone an infinite amount of money for those url's. If I have to pay for mine, then they should have to pay for theirs.

        Since we have just bankrupted Verisign, then a legitamate company can take over their job of controlling the GTLD servers for .com and .net - just my $0.02
    • Re::rolleyes: (Score:4, Informative)

      by budgenator (254554) on Thursday February 26, 2004 @08:32PM (#8403440) Journal
      Frankly, they deserve to have all authority over the root servers taken away from them before they do more harm in their quest for profits.

      a lot of people don't know this but verisign's root server isn't the only game in town, these root servers [wikipedia.org] offer many alternatives. If enough people make an end run arround their monoply, their authority will diminish as well as any brazen behavior. If you need instructions on how to do this OpenNIC [unrated.net] has detailed instructions.
    • Re::rolleyes: (Score:5, Interesting)

      by armando_wall (714879) on Thursday February 26, 2004 @08:59PM (#8403674) Homepage

      Last I checked, regulating internet infrastructure with regards to assigned names and numbers is ICANN's job.

      Yeah. I don't know what's going on in these verisign people's minds.

      I remembered them stopping the service because of ICANN issuing warnings and threatening to sue. It's not like ICANN literally forced them to shut that nasty service down (they should have that power, by the way).

    • by billstewart (78916) on Friday February 27, 2004 @05:14AM (#8406367) Journal
      • If a customer's Port 80 web application sends Verisign a DNS request for a missing site, and Verisign responds with a pointer to Sitefinder, and the customer's application sends an HTTP:80 request to Sitefinder, and Sitefinder responds with a web search page, it's greedy and not correct, but mostly harmless and sometimes helpful.
      • If a customer's Port 443 Secure Web application sends Verisign a DNS request for a missing site, and Verisign responds with a pointer to Sitefinder, and the customer's application sends Sitefinder a request, it's potentially a serious security breach (though not usually, because usually the connection fails before anything important gets sent.)
      • If a customer's email application sends Verisign a DNS request for a missing site, and Verisign responds with a pointer to Sitefinder, and Sitefinder's email application rejects the connection, it's broken in ways that are mildly to seriously annoying.
      • And if some other application (even HTTP on port!=80) that Sitefinder doesn't support sends Verisign a DNS request, and Verisign responds with a pointer to Sitefinder, that's badly broken.
      If Verisign can't tell the difference between the applications which it helps and the applications it breaks, which they can't, they'd better not go breaking things, and if they break them they should be fired.
  • Wow. (Score:3, Funny)

    by JesseL (107722) on Thursday February 26, 2004 @07:38PM (#8402979) Homepage Journal
    Hello Kettle, I'm Pot. Would you like to step inside my glass house?
  • I'd would say... (Score:5, Interesting)

    by clifgriffin (676199) on Thursday February 26, 2004 @07:38PM (#8402981) Homepage
    That Verisign's site finder is a brazen abuse of their power as a service provider.

    It's a cheap ploy to get billions of hits to a VeriSign controlled page.

    I have 0 respect for Verisign...they have long established they will discard customer concern for any perceived increase in money.
  • by dmehus (630907) on Thursday February 26, 2004 @07:39PM (#8402982) Homepage
    ICANN has made numerous unpopular decisions throughout its corporate life. So has VeriSign. This is truly a battle of two evils. Which one is the lesser evil, in your opinion?

    In my own personal view, I do hope ICANN emerges from this lawsuit as the "victor". If VeriSign were to win its request for an injunction against ICANN, and on the broader claim that ICANN "unlawfully transformed itself from a technical coordination body to the de-facto Internet regulator," I feel it would have far-reaching implications for all of us. It would effectively muzzle ICANN and give VeriSign free reign to do as it pleases with the Internet -- at least until a legislative change was made, such as making ICANN into a government regulatory agency similar to the FCC. Mind you, that might be a good thing. It might force the Bush administration's conservative laissez-faire approach to Internet governance to get a dramatic overhaul and become more regulatory. Another plus to ICANN becoming a taxpayer-funded government regulatory body, it could keep its acronym and be enshrined into law as the Internet Commission for Assigned Names and Numbers. Or, it could become the Internet Naming and Numbering Agency -- or INNA.

    Nonetheless, this will be a bitter battle.

    It also has high stakes for VeriSign. If VeriSign is unsuccessful, it will almost certainly ensure that the dot-net gTLD is redelegated to a new operator later this year.

    My take,
    Doug

    P.S. Copies of the complaint:
    http://www.politechbot.com/docs/verisi gn.complaint .p1of2.022604.pdf

    and

    http://www.politechbot.com/docs/verisign.complai nt .p2of2.022604.pdf
    • by Anonymous Coward on Thursday February 26, 2004 @07:55PM (#8403152)
      Man, I never support people that try to stamp-out others opinions, but what is wrong with you? You _WANT_ Bush and his techno-challenged administration to have the responsibility of putting together an organization that manages the WHOLE internet? Thats scary.
    • by bodrell (665409) on Thursday February 26, 2004 @07:59PM (#8403184) Journal
      Re. your question--I think it's simple. ICANN is the lesser of two evils. Being swayed by corporate interests is bad, but not as bad as when the corporate interest is yourself (as is the case with Verisign).

      Having said that, I don't think making it a gov't institution would solve anything. There have been many situations where gov't regulation has helped us, but when has the gov't taken over a previously private role and done a better job?

      Although the free market can't solve every problem, this seems like a case where elegant legislation might make the difference. Now, Verisign has a monopoly on .com domain registration. But why should they? Shouldn't that position be open for bidding? Or have term limits? If a company only has a short window of time in which it controls domain registration, or if there are repercussions for abusing its power, that company will likely be cautious about enacting drastic infrastructure changes of the type Verisign is implementing.

      (By the way, people often use the $ as a derogatory marker for an entity they don't like, such as Micro$oft or the Church of $cientology, so why not Veri$ign as well?)

      • by randyest (589159) on Thursday February 26, 2004 @08:26PM (#8403397) Homepage
        elegant legislation

        Isn't that an oxymoron these days, you know, like military intelligence or jumbo shrimp?
    • by John Hasler (414242) on Thursday February 26, 2004 @08:06PM (#8403247) Homepage
      > ...at least until a legislative change was made,
      > such as making ICANN into a government regulatory
      > agency similar to the FCC. Mind you, that might be
      > a good thing.

      So you are looking forward to being required to get a license for your Web site and a permit for your mail server? I'm sure Verisign will be ready to expedite the application process for their customers.
      • by milkman_matt (593465) on Thursday February 26, 2004 @08:24PM (#8403385)
        So you are looking forward to being required to get a license for your Web site and a permit for your mail server?

        I know it's bad to restrict people like that, but DAMN that would make the internet a paradise (if regulated properly) especially the 'permit for your mail server'. In fact, tell me again why this is bad? We've proven ourselves to be incapable of managing our servers responsibly so far...

        -matt
        • by lavaface (685630) on Thursday February 26, 2004 @10:15PM (#8404221) Homepage
          First, this is an international problem that would be impossible to implement--too many jurisdictions, little chance for even enforcement.

          Secondly, how would you determine who gets a permit? Doesn't pass spam? Ok, how about sending unpopular political views or "dangerous" information.

          It might seem nice but I think the best bet is to work on the technical aspects of the problem rather than legislating ourselves into smaller cages. Just a thought . . .

    • by jmv (93421) on Thursday February 26, 2004 @08:40PM (#8403506) Homepage
      at least until a legislative change was made, such as making ICANN into a government regulatory agency

      <sarcasm>Why would you want the French government to control the Internet?</sarcasm>

      Seriously, the Internet needs to be controlled by the UN or something like that.
    • by Anml4ixoye (264762) on Thursday February 26, 2004 @08:49PM (#8403590) Homepage
      Or, it could become the Internet Naming and Numbering Agency -- or INNA.

      Or, it could be the Internet Naming and Numbering Agency for Good Addresses, Delegated Domains, Aliases and Displayed Archives to Vehemently Investigate Dispute Allegations.

      There. INNAGADDADAVIDA. Has a catchy ring to it, hmm?

    • by DonGar (204570) on Friday February 27, 2004 @02:45AM (#8405892) Homepage
      A simple question. Verisign is just a sub-contractor. Why haven't they been fired over site finder, and why do they believe they won't be fired now?

      If they are being paid to do a job, they have to do the job they way they are told to do it, or quit/get fired. Right? Why is this any different just because the employee is really a multi-billion dollar corporation?

      Since when does "the right to innovate" equate to the right to rewrite job requirements?
  • by erroneus (253617) on Thursday February 26, 2004 @07:39PM (#8402990) Homepage
    I'm utterly dumbfounded! These are two of the internet's finest and most reputable entities! How can either be involved in any kind of abuse or malpractice? There must be some kind of mistake...
  • by Renraku (518261) on Thursday February 26, 2004 @07:41PM (#8403004) Homepage
    What if other companies did similar things? What if companies involved with the stock market used their insider info to give them a step-up when it comes to which stocks to buy and sell? Yeah, its a bad idea. Same here.
    • Re:Thats funny.. (Score:5, Insightful)

      by Anonymous Coward on Thursday February 26, 2004 @07:56PM (#8403158)
      A better analogy would be NASDAQ creating default trades for stocks they'd picked when a broker/trader mistyped a stock symbol....instead of just returning a "uhm, you can't type" message.

      Verisign is a dinosaur. Time to take them down. They're both incompetent and dishonest.
  • by mishehu (712452) on Thursday February 26, 2004 @07:41PM (#8403013)
    because you are preventing us from being a monopoly! And that is sooooo unfair to us!
  • My prediction... (Score:5, Insightful)

    by tekiegreg (674773) <tekieg1-slashdot@yahoo.com> on Thursday February 26, 2004 @07:43PM (#8403034) Homepage Journal
    We have the big ugly viscous Microsoft-like villains vs. the slothlike, inefficient quasi-government organization...

    My bets are on the lawyers...with 100 to 1 against the people... :-/
  • by lukewarmfusion (726141) on Thursday February 26, 2004 @07:44PM (#8403038) Homepage Journal
    Really - this is the kind of argument I would expect from a spammer that doesn't want to be restricted in their ability to serve unwanted ads to increasingly frustrated recipients.

    Oh, wait. I get spam from Verisign (and their subsidiaries) all the time. ... addToListOfEvilCompanies("Verisign");
  • by RobertB-DC (622190) * on Thursday February 26, 2004 @07:45PM (#8403044) Homepage Journal
    From the article:
    "Working the ICANN process is like being nibbled to death by ducks," said Tom Galvin, VeriSign's vice president for government relations. "It takes forever, it doesn't make sense, and in the end we're still dead in the water."

    Yeah. Nibbled to death by ducks. That sounds good.

    Mallard Ducks [www.nmr.nl].

    Well, we can dream, at least...
  • by evn (686927) on Thursday February 26, 2004 @07:46PM (#8403058)
    The Internet Corporation for Assigned Names and Numbers has no authority to prevent VeriSign from rolling out a search engine for users who mistype Internet addressees, VeriSign said, as well as another feature that allows users to sign up for a waiting list for desirable domain names.

    Hey Verisign: We don't care if you want to make a search engine for miss-spelled domains, nor do we care if you want to setup a domain name waiting list. In fact the only thing that bothers anyone is that you're breaking DNS to force us to use them.

    If this was really about setting up a search engine and nothing else they could just register vs-sitefinder.com and vs-domain-wait-list.com and be in business. Instead they insist on pissing on their responsibility to maintain a functional DNS system in order to achieve some sort of edge over the competition.

    Is there some sort of contest for the most hated corporation going on between Microsoft, SCO, and Verisign?

  • Lose Verisign (Score:4, Insightful)

    by Anonymous Coward on Thursday February 26, 2004 @07:46PM (#8403061)
    Take away their privilege (not right) to be a domain registrar.
  • What most see (Score:5, Informative)

    by unix guy (163468) on Thursday February 26, 2004 @07:46PM (#8403066) Homepage
    What most people see is that this is just an extended version of IE's built in search that throws you to MicroSoft's search engine (which sucks), so they don't see the implications for all the REAL internet applications that don't run through a web browser.
  • by saforrest (184929) on Thursday February 26, 2004 @07:47PM (#8403069) Homepage Journal
    I think this whole Verisign/ICANN thing, perhaps better than most recent examples of high-profile disputes in the tech industry, illustrates what a fundamental disconnection there is between the computer sophisticates and average, well-educated newspaper readers.

    Even in this article, which is reasonably technically sophisticated, Verisign's SiteFinder is almost invariably described in terms which suggest it was just a helpful service for lost souls (people who'd typed a wrong URL) instead of being recognized for what it is, an aggressive land grab and a ridiculous abuse of monopoly power.

    It's not like newspapers are in VeriSign's pockets or anything. Why is that so few of them seem to understand how bad what VeriSign did is?
    • by eurleif (613257) on Thursday February 26, 2004 @07:53PM (#8403130)
      Because newspapers don't have good tech writers. How would they? The people in charge of hiring them don't know what to look for, anyone who knows a little more than the employer will look like an expert.
    • by RAMMS+EIN (578166) on Thursday February 26, 2004 @08:14PM (#8403318) Homepage Journal
      Similarly for SCO. Their claims sound quite reasonable if you don't read what other parties say about it. This is why objectiveness and freedom of speech are so important.

      There was an article in the Dutch newspaper Metro a while ago, reporting on research findings that claimed 85% of Dutch individuals and corporations saw virus protection as the responsibility of ISPs. This is a ridiculous preposition, considering that virii spread just fine without ISPs, and ISP don't and shouldn't have any business restricting what traffic goes to my network.

      I wrote a letter to the paper explaining this, blaming the spread of virii on people using faulty software, from suppliers negligent to release patches, and users not applying them. I also mentioned alternatives. The posted the letter (omitting the alternatives; sadly, as I don't like pointing out problems without proposing solutions), and I hope it has helped people gain some more insight. I intend to post the letter (and a translation) on my website.
    • by swb (14022) on Thursday February 26, 2004 @08:41PM (#8403508)
      And general society is pig-ignorant when it comes to computers and technology. A reasonable percentage can do the obvious things with technology that corporations have spent billions making as easy as plug and play, but by and large they remain totally ignorant when it comes to even the most basic explanations of how technology works.

      Furthermore, there's a significant number of people who hold the notion that knowing "how things work" somehow makes you some kind of commoner or blue collar schmuck, and unfortunately many of these people are in high-visibility leadership positions and they pass these attitudes down to their followers, spreading the misguided notion that ignorance of technology -- ANY technology -- somehow is evidence of your superior social or economic standing.

      So I actually can't blame newspapers, other than that they're just reflecting the general ignorance of the general population (plus all the usual problems with in-depth facts and information gathering daily news media have).

      I think it's up to us or some geek advocacy group to work the PR hard on this so that the news media gets a better idea of what's actually happening and how it hurts the internet. We know that Verisign will be more than willing to work THEIR PR resources to get their side of the story out.
  • Reform ICANN! (Score:3, Interesting)

    by Anonymous Coward on Thursday February 26, 2004 @07:47PM (#8403074)
    Glad to see that the early hooting isn't only anti-VeriSign. People ought to consider that ICANN has been burying everything registries want to do in piles of bureaucracy, while trying to grab more and more money and power. ICANN should be reformed and stuck to technical operational issues rather than playing footsie [icannwatch.org] with international bureaucrats. Think of all the nonsense that would come from the ITU/U.N. getting its mitts on "Internet governance," which is being discussed in Geneva today and tomorrow [itu.int]. VeriSign is no angel, but if it can take ICANN down a notch, I'm for it.
  • by dan_sdot (721837) * on Thursday February 26, 2004 @07:47PM (#8403075)
    This sort of problem could have been forseen. Even though I hated their Sitefinder feature, they have a point. Since when does ICANN have the power to tell a business or person what they can or can't put on their page? It just so happens that this business is Verisign, who also runs part of the internet.

    This is where the problem is. Why is a business running these domain names? That seems like a conflict of interest to me. There needs to be non business regulatory commitees that run it. The issue certainly can't be finding money to do it.

    Even though its a little annoying that Verisign wants to show their sitefinder, as a business, they have every right to do it.

    This discussion reminds me of something on slashdot a while ago that I can't find that was something like "10 common misconceptions about the internet". The whole point was that the internet is just a network of computers, its that simple. This simplicity will vanish before our eyes if we have businesses running it.
    • by ahodgson (74077) on Thursday February 26, 2004 @07:57PM (#8403161)
      Umm, they didn't tell them what they could put on a web page. What they told them was they couldn't insert a wildcard record in the .com and .net zones and redirect queries for EVERY NONEXISTENT DOMAIN in those zones to their servers, for every Internet service, not just web.

    • by mmu_man (107529) on Thursday February 26, 2004 @07:59PM (#8403192)
      > Since when does ICANN have the power to tell a business or person what they can or can't put on their page?
      Since it's NOT their page. foobar4575368389.com is NO more verisign's page that it is anyone else's since the domain is not registered.
      sitefinder is not the problem. The problem is the default DNS entries which redirect connections to sitefinder.
      VeriSign used their access to the DNS they host *on behalf of ICANN*, to gain visibility for their sitefinder crap.
      Appart from being highly unfair to search engine competition, and ethically wrong, it also brings lot of technical issues for any protocol (which HTTP is only one of them) used on the Internet.
    • Page? What page? (Score:5, Insightful)

      by tkrotchko (124118) * on Thursday February 26, 2004 @08:10PM (#8403279) Homepage
      "Since when does ICANN have the power to tell a business or person what they can or can't put on their page?"

      ICANN isn't claiming any such thing; all they're saying is you must administer DNS to the RFC specifications.

      In fact, my guess is that ICANN doesn't care at all about siteminder.

      Is it really that hard to understand?
  • by teeker (623861) on Thursday February 26, 2004 @07:48PM (#8403078)
    This may be a dumb question....but why do we need Verisign? I know they control some of the root servers, but why them? Couldn't the internet as a whole (if it could somehow come to an agreement), give those root servers to somebody else? The list of root servers is static. If everybody just changed the list all at once, their servers would suddenly become quiet and this would be a non-issue.

    Of course, I realize that doing that would not be so straightforward, but such an effort would send a message...to Verisign and to anybody else that would try this kind of crap. Self-healing network, heal thyself!
    • Verisign controls the "A" and (I think) "J" root servers, but that's pretty irrelvant to this discussion. Seriously.

      What is relevant is that they also control the gTLD root servers for .com and .net - and that's what they plan on running Sitefinder on.
      They've even got a contract for it...
    • The solution (Score:5, Interesting)

      by wurp (51446) on Thursday February 26, 2004 @08:23PM (#8403381) Homepage
      The solution is to alter a DNS server so it examines the results it gets back from its parents, and if it's a BS Verisign auto-search response, tell the requestor that the domain doesn't exist. Then we all start running and/or pointing to a DNS server that runs this new & improved DNS server, and all is good.

      Be sure to make the change modular so we can remove it when Verisign pulls their head out.
  • Duel (Score:5, Funny)

    by savagedome (742194) on Thursday February 26, 2004 @07:48PM (#8403085)
    Verisign: I can ICANN: U can't
  • Fighting back? (Score:5, Interesting)

    by bobetov (448774) on Thursday February 26, 2004 @07:49PM (#8403088) Homepage
    At what point does it make sense to start editting Verisign.com out of the internet? The basic ploy here seems to be to ride rough-shod over the concerns of the technical users and administrators who maintain the 'net, in the hopes that uneducated consumers will ignore the issue.

    It seems to me that the thousands of sysadmins, ISP admins and so forth who read this site and feel the pain of Verisign's greed have an option here - alter our local DNS registries to point www.verisign.com etc to 127.0.0.1. Given enough people doing this and their business will start to feel the pain.

    It would be a fine twist to this whole mess, and perhaps drive home to the PHB's at Verisign exactly how annoyed this makes those of us who understand the ramifications of their actions.
    • Re:Fighting back? (Score:5, Interesting)

      by silentbozo (542534) on Thursday February 26, 2004 @08:00PM (#8403196) Journal
      Or better yet, demonstrate how DNS MUST operate on mutual trust, by sending anybody trying to query www.verisign.com (and other associated names) to their competitors (on a random basis.) If Verisign wants to break DNS, they'll have to deal with the fact that anybody else down the chain between the root server and the user can break it equally as well.

      Remember folks, we use DNS because it's useful. If it stops being useful, we can stop using it just as quickly.
    • Re:Fighting back? (Score:4, Insightful)

      by zorgon (66258) on Thursday February 26, 2004 @08:05PM (#8403243) Homepage Journal
      Yes, but didn't Verisign use some sort of random hostname thing the last time to spoof this very tactic? I spose you could filter *.verisign.com and more, but it'd be like keeping up with spam.
  • by SmackCrackandPot (641205) on Thursday February 26, 2004 @07:50PM (#8403097)
    Very often, when anyone tries to access a now non-existant web page, the ISP owning the relevant server will forward you to one of their home pages. Or maybe a web domain speculator will buy up a domain name, and use that to forward you to their search engine. Verisign could argue they're doing something similar. Obviously it's wrong, but it's more or less what other people are doing.
    • by silentbozo (542534) on Thursday February 26, 2004 @08:15PM (#8403332) Journal
      Very often, when anyone tries to access a now non-existant web page, the ISP owning the relevant server will forward you to one of their home pages.

      They still return a 404 error, or at least, they're supposed to. Get Mozilla Firefox, download the Live HTTP headers extension, and you can verify this for yourself. Also, this is typically within a domain that does exist - it's just the page doesn't.

      Or maybe a web domain speculator will buy up a domain name, and use that to forward you to their search engine. Verisign could argue they're doing something similar.

      Ahh, but SiteFinder works even for domains that have NEVER existed. This means that Verisign is squatting on an almost-infinite number of domain combinations, which they haven't paid a cent for. As scummy and dispicable as webspammers are, this is scum and villany on a grand scale. Worse, it's scum and villany at a very low level - it doesn't just break HTTP, it breaks FTP, SMTP, and a host of other DNS-dependent protocols, AND it affects everyone running a DNS server by loading their cache tables with garbage.
  • ICANN (Score:5, Funny)

    by Anonymous Coward on Thursday February 26, 2004 @07:51PM (#8403106)
    ICANN: Turn of your Sitefinder, or we'll give .com to someone else. And you'll be left as nothing but a dead registrar...

    Verisign: ICAAAAAAAAAAAAAAAAAAAAAANN!

  • Wait a sec (Score:4, Interesting)

    by Dark Lord Seth (584963) on Thursday February 26, 2004 @07:51PM (#8403111) Journal

    Doesn't ICANN hold SOME authority over VeriSign about DNS? Can't ICANN just "pull the plug" and tell VeriSign to go take a hike while they find someone more competent to take care of the root DNS servers? I mean, this is getting more or less ridiculous and as far as I understand it, would severely hamper several spam-fighting techniques used, possibly other things as well.

    Besides, isn't it possible to get rid of the whole root DNS server idea in the first place? The attack on the root servers a few months ago didn't do much damage but it made clear that IF the root server went down ( granted, for extended periods... ) that the internet would be flat on it's arse unless we started using IP adresses. ( Which doesn't solve the problem because of absolute linking used on some websites... Though it would allow other uses again like FTP, SSH, etcetera. ) So why not a root DNS p2p network then? Still the root idea as used for DNS now, but instead of querying a set of dedicated root servers, DNS servers lower in the hierachy would query a root p2p network instead. Give ISPs a server with access to the network, same thing for registrars & co and someone decides to be a prick with DNS records, have ICANN throw them off be severing all communications with the other party's DNS servers.

    • Re:Wait a sec (Score:5, Informative)

      by ahodgson (74077) on Thursday February 26, 2004 @07:59PM (#8403185)
      Verisign doesn't run the root nameservers. They run the .com and .net TLD servers and the database for those TLD's.
    • Re:Wait a sec (Score:5, Informative)

      by mysticalreaper (93971) on Thursday February 26, 2004 @08:55PM (#8403643)
      Can't ICANN just "pull the plug" and tell VeriSign to go take a hike while they find someone more competent to take care of the root DNS servers?

      Yes, they can. And that's why when ICANN threatened them--back when Sitefinder was first turned on--that Verisign listened. Because, yeah, ICANN controls the root, and all authority flows from the root. (the root servers, that is)

      As for your p2p root idea, well... To be blunt, it's a bit naive. First off, where does this p2p network get it's data? Remember, one of the critical ideas behind DNS is that the view is always consistent, there are no conflicting records. As in, www.exmple.com ALWAYS points to the same place, no matter who you ask. There is only one correct answer. (misconfigurations can prevent this, obviously, but that's the design of DNS). So you have to be worried about poisoning, authenticity, you have to trust this network. No current p2p network has my trust.

      I give more reasons, but basically, the DNS system is set up right now with 46 root servers [roots-servers.net] (count 'em). These are generally a cluster of professionally managed servers, dedicated to a single, pretty simple task: Serving the 2000-odd records in the root zone, or returning a failure. That's it. Any suggestion of a p2p network, for it to be accepted, would have to show that this proposed ad-hoc network could provide the same performance and reliability that the current system does. Not to mention re-writing all this software that assumes DNS functions in it's current state.

      To summarize, sure it SOUNDS like a good plan, but for it to actually be considered, it probably has to have actual technical details. And it wouldn't hurt if it came from someone more qualified than Armchair Internet Architect, such as you or I.
  • by Imagix (695350) on Thursday February 26, 2004 @07:52PM (#8403122)
    There's absolutely nothing wrong with Verisign putting up their Sitefinder search engine. What ICANN had an issue with is the mismanagement of the DNS entries. If I want sitefinder, I'll go to www.sitefinder.com. If I go to www.stiefinder.com, I want a "host/domain not found" error, not a search engine.
  • by deniable (76198) on Thursday February 26, 2004 @07:53PM (#8403138)
    Can we have a say please?

    Oh, I'm sorry. I guess not.
  • by Indy1 (99447) <spamtrap@fuckedregime.com> on Thursday February 26, 2004 @07:54PM (#8403140) Homepage
    its patched to block their bullshit site. Besides, if verislime gets sitefinder back up, i am sure the script kiddies will GLEEFULLY dos the hell out of that bitch. (hint hint)
  • by tbradshaw (569563) on Thursday February 26, 2004 @07:54PM (#8403146) Homepage
    Seriously. Why is Verisign still entrusted with the root servers for any top level domains.

    They have abused their position, they are completely untrustworthy, and they are now suing the very body that (I would assume) allowed them to have this power in the first place.

    I want Verisign's power of DNS revoked: Now. What is the inherent barrier? Why are they still allowed to intentionally fuck over the globe?

    Does no one have the revoking power? Is inertia on their side? What is going on that gives them this power?
  • by Mr.Zuka (166632) on Thursday February 26, 2004 @07:57PM (#8403166)
    I also saw the article at CNET [com.com]
  • Damn ICANN! (Score:5, Insightful)

    by GoMMiX (748510) on Thursday February 26, 2004 @07:57PM (#8403167)
    "Today VERISIGN announced it will be suing ICANN for doing their job and preventing VERISIGN from illegally controlling and redirecting internet traffic, it has no legal right to, to their own product."

    Methinks this would be somewhat similar to the US Government making all roads not privately owned lead to a government business.

    I know, that sounds REALLY stupid - the government would NEVER do that. It's moronic to even think of something like that - but, essentially, is that not exactly what Verisign tried to do?

    This also stinks of anti-competative monopolistic activity - as there are other 'site-finding' services out there. Such as Google, AltaVista, etc al... Yet Verisign would be the _only_ company able to perform a service utilizing this method - as they would be illegally tapping into property they do not own - unregistered domain names.

    Stupid ICANN, what were they thinking! They act like they have "responsibility for Internet Protocol (IP) address space allocation, protocol identifier assignment, generic (gTLD) and country code (ccTLD) Top-Level Domain name system management, and root server system management functions."
  • audacious ta-tas (Score:5, Insightful)

    by Doc Ruby (173196) on Thursday February 26, 2004 @07:57PM (#8403172) Homepage Journal
    The "power of audacity" is the order of the day in these Looking Glass times. When an individual person grabs the debate with outrageous claims, it's chutzpa - they can be ignored, jailed, and sometimes staked through the heart. But in a public environment with no real boundaries, millions of bloodthirsty lawyers on bottomless expense accounts, and some inane requirement for all issues to have "balance" between two untenable (and often contrived) extremes, unaccountable (and disaudited) corporations can get what they want by blowing over the top, and agreeing to split the difference, arriving squarely on target. And when they oppose people who merely defend reasonable positions closer to the middle than some self-selected extreme for balance, they win. Every time. Welcome to the abyss.

    "They say ev'rything can be replaced,
    Yet ev'ry distance is not near.
    So I remember ev'ry face
    Of ev'ry man who put me here.
    I see my light come shining
    From the west unto the east.
    Any day now, any day now,
    I shall be released."
    - Bob Dylan, "I Shall Be Released" [bobdylan.com]
  • by Anonymous Coward on Thursday February 26, 2004 @08:01PM (#8403206)
    "We have prepared a response to verisign."

    "*ahem* Fuck you."

    "You may direct your questions towards the wall behind me."
  • by seanellis (302682) on Thursday February 26, 2004 @08:06PM (#8403252) Homepage Journal
    Mr. Sclavos,

    I was dismayed to hear that Verisign has launched a lawsuit against ICANN over the termination of the Sitefinder service.

    I realise that I am only one person, but hopefully you will receive sufficient numbers of messages in similar vein that you will reconsider this action. It can have only one outcome, and this will not be good for Verisign or its shareholders.

    ICANN is a regulatory body specifically tasked with ensuring that the cooperative standards which embody the Internet are administered for the common good.

    Verisign, being in a unique position of trust, introduced a service that rendered the entire domain name mechanism broken.

    Although the service provided may possibly have been useful for web users, the Internet is most emphatically not just the web. By ensuring that nonexistent domain name lookups succeeded, Verisign circumvented the error handling provisions of a large number of IP-based software products.

    You will have noticed at the time that the immediate response from many ISPs was to immediately place local detection and blocking of Sitefinder, in order to restore correct functionality to these applications in accordance with accepted practice. This caused a considerable amount of effort and cost to the businesses concerned, and is therefore a legitimate target for regulation, and the regulatory body in question was the ICANN.

    To attempt to sue a regulatory body for doing its job correctly and effectively is, I am afraid, unlikely to show Verisign in a good light.

    Again, I urge you to reconsider this action.

    Yours,

    Sean Ellis
    Software Developer

    --------
  • by Tajarix (604495) on Thursday February 26, 2004 @08:07PM (#8403258)

    "Working the ICANN process is like being nibbled to death by ducks," said Tom Galvin, VeriSign's vice president for government relations. "It takes forever, it doesn't make sense, and in the end we're still dead in the water."


    Sounds like the last domain transfer I did away from Versign.
  • STUNNING! (Score:5, Insightful)

    by Performer Guy (69820) on Thursday February 26, 2004 @08:13PM (#8403308)
    I'm just shocked, I had to read this again because it is truly stunning, I feel like I've fallen into a parallel universe where Verisign has an innate right to the monopoly they've been granted by the organization they're suing. Heaven forbid that the body created to regulate internet domain name serving actually regulates it! This has to be the most spectacular example of biting the hand that feeds you that I've ever seen. They'd have no business interest if ICANN hadn't handed it to them on a silver platter.

    Verisign should lose all control & responsibility of any TLDs for this, it's just amazing that they could attempt to undermine internet infrastructure like this and then brazenly turn around and sue the regulators.

    They have no shame, it's time to farm TLD administration out to people who are at least slightly rational.
  • by Wolfier (94144) on Thursday February 26, 2004 @08:39PM (#8403494)
    When SiteFinder DOES go back up.

    "Which invalid random URL do you want to visit the next millisecond?"

  • by Performer Guy (69820) on Thursday February 26, 2004 @08:50PM (#8403599)
    This is a classic mismatch. This is basically a fixed administrative contract that they acquired, where they sell names and administer a database. These idiots don't understand this and want to "grow the business". Well they can't do that by abusing the monopoly granted them by fucking with their administrative responsibilities. Just do the damned job, if you have ideas for other businesses fine, but don't dick with the core function that it's your DUTY to administer in the public interest as permitted by congress.

    They don't seem to understand that they're only supposed to sell and administed a bunch of .com domains. That's their mandate, to administer what is basically a public service. They don't seem to understand that congress & everyone else just wants them to perform this fixed funtion and if they dick with it someone else will be found to do it better without the B.S.

    I still can't figure out why they're so spectacularly misguided as to think that this service responsibility gives them the unilateral right to screw with the World's internet infrastructure, and sue the only regulatory body in place to stop their shenanigans.
  • by belmolis (702863) <billposer@alum. m i t .edu> on Thursday February 26, 2004 @09:02PM (#8403705) Homepage

    Its clear that Verisign is irresponsible and can be expected to keep trying to abuse its position running the GTLD servers for .com and .net. As I understand it, ICANN delegated this role to Verisign, so ICANN ought to be able to take it away. Can anyone explain the terms of the current delegation? Is there are contract that will expire in a few years? Did Verisign somehow acquire permanant rights?

  • Charter (Score:5, Insightful)

    by sys49152 (100346) on Thursday February 26, 2004 @09:04PM (#8403722)
    Article 1, Section 1 of the ICANN bylaws:

    The mission of The Internet Corporation for Assigned Names and Numbers ("ICANN") is to coordinate, at the overall level, the global Internet's systems of unique identifiers, and in particular to ensure the stable and secure operation of the Internet's unique identifier systems. In particular, ICANN:

    1. Coordinates the allocation and assignment of the three sets of unique identifiers for the Internet, which are

    a. Domain names (forming a system referred to as "DNS");
    b. Internet protocol ("IP") addresses and autonomous system ("AS") numbers; and
    c. Protocol port and parameter numbers.

    2. Coordinates the operation and evolution of the DNS root name server system.

    3. Coordinates policy development reasonably and appropriately related to these technical functions.


    From the Memorandum of Understanding with the U.S. Govt. establishing ICANN, Section II (Purpose), Part B (Purpose):

    a. Establishment of policy for and direction of the allocation of IP number blocks;

    b. Oversight of the operation of the authoritative root server system;


    'nuff said.
  • by rduke15 (721841) <rduke15.gmail@com> on Thursday February 26, 2004 @09:35PM (#8403933)
    If they get their way with site finder, it seems to me a class action suit should be possible.

    Since most non-tech people seem to think that the Internet is the web, let's take the web angle in a very simple way.

    I have a web site. A potential customer mistypes my domain name in his browser.

    1. Without site finder he gets an error and realizes he has mistyped the address, so he corrects the error and comes to my site.

    2. With site finder, he comes to a confusing Verisign page. From there on, who knows where he will get. Probably not to my site. Versisgn is unfairly taking business from me.

    And what about email? Badly addressed email is replied to with a bounce message. What happens when it goes to Verisign?

    Refining on these ideas, I'm sure domain owners with good lawyers could start a class action suit against Verisign.

    (I'm glad that in my country, domain names are managed by a monopolistic body [switch.ch] controlled by the state and some universities. It is cheap, fast, simple and efficient, and there is not a single advertisement when registering or managing domain names)
  • Verisign has very explicit contracts for operating the TLD's and their respective nameservers [icann.org].

    They are in violation of the part of the .COM TLD Agreement [icann.org] which specifies that they must comply with the IETF RFC's, and probably are similarly in violation of their other contracts.
  • by hqm (49964) on Thursday February 26, 2004 @10:06PM (#8404141)
    The right place to put a search engine hook for non-existent domains is in the browser. But by lying about the existence of domains that are looked up, Verisign's sitefinder makes it so nobody can write their own host lookup service for a browser. So they are in fact removing the ability of people to write their own handlers for this conditions, aside from how they break all the other non-HTTP protocols.

    Verisign should have their contract yanked, as soon as possible. No ifs and or buts.

  • by noknownpurpose (756977) on Thursday February 26, 2004 @10:19PM (#8404263)
    I will then sue them under the The Anticybersquatting Consumer Protection Act [keytlaw.com] for every possible instance of a domain name that is "confusingly similar" to any trademark I hold. This should work out to several thousand combinations per Mark. (i.e. d0main.com, doma1n.com etc...) Damages are between $1,000 and $100,000 per domain name plus attorney fees. Between myself and anyone else doign this Verisign will be Bankrupt in no time.
  • by Eric Smith (4379) * <eric@broDEBIANuhaha.com minus distro> on Thursday February 26, 2004 @10:30PM (#8404358) Homepage Journal
    Verisign says:
    'This brazen attempt by ICANN to assume 'regulatory power' over VeriSign's business is a serious abuse of ICANN's technical coordination function.'
    But ensuring that the registry operator's systems conform with the official DNS specifications, including negative responses, is a perfectly legitimate technical coordination function.

    Nothing in the DNS RFCs suggests that a compliant DNS server can return arbitrarily chosen answers in response to a DNS question regarding an unknown domain. In fact, doing so clearly violates RFC 1035 section 4.1.1, which specifies that the response code 3 ("name error", also known as NXDOMAIN) should be returned for that case.

    How can Verisign personnel seriously claim that there is nothing wrong with SiteFinder?

    In my opinion, Verisign already breached their contract to operate the registry when they instituted SiteFinder the first time, and ICANN and the Commerce Department should have started a process to award a new contract to a different registry operator. The wholesale fee of $6/domain/year that Verisign gets is ridiculously large to begin with, which makes it seem even more unprofessional that they deliberately sabotage the registry operation to try to make even more money.

  • by signe (64498) on Thursday February 26, 2004 @10:41PM (#8404451) Homepage
    It really doesn't matter at all. As soon as that first shot was fired (filing the lawsuit), it was over. VeriSign can't win. Even if they won the lawsuit, they still lose, because ICANN will yank their contract at the first opportunity.

    The only way VeriSign can win this is to specify as "damages" for winning that they get to operate .com/.net in perpetuity until they decide they don't want to anymore. And I don't see that happening.

    -Todd

Uncompensated overtime? Just Say No.

Working...