VeriSign Wants Ability To Suspend Domains Without Court Order

GeorgeK writes "VeriSign, the monopoly registry operator for .com/.net domain names, has submitted a proposal to ICANN (PDF) describing an 'Anti-Abuse' policy. If allowed to proceed with such a policy, they would become judge, jury and executioner, with the ability to suspend or even cancel alleged 'abusive' domain names without due process for registrants. The proposal even recognizes that legitimate domain names may be taken down improperly, and offers a 'protest' procedure. However, VeriSign does not appear to offer any ability to protest an accusation of abuse before the suspension or cancellation. They intend to 'shoot first and ask questions later.'"

Of Course...

[Bobfrankly1]

...this presents no opportunities for abuse.

Re:Of Course...

[Anonymous Coward]

Don't forget to pay your $299.99 VeriSign Domain Protection Reactivaton Fee, you cocksmoking teabaggers!

Re:

[MightyMartian]

Mod +10 insightful. That's exactly what will come next, or some sort of Verisign Domain Deactivation Insurance Fee. Why, after all ill deeds of this company ICANN still allowed them within a thousand miles of being primary root/registrar for the two most important TLDs is beyond me. VeriSign has shown sufficient avarice, maliciousness and incompetence on a sufficient number of occasions that it just baffles my mind that they didn't have it yanked years ago.

Re:

[egamma]

VeriSign has shown sufficient avarice, maliciousness and incompetence on a sufficient number of occasions that it just baffles my mind that they didn't have it yanked years ago.

Do you have any assurance that someone else could do a better job? Better the devil you know...

Re:

[Anonymous Coward]

Do you have any assurance that someone else could do a better job? Better the devil you know...

That is the devils argument.

Change, change again, change again and sooner or later you will find something you can tolerate.

Re:Of Course...

[MightyMartian]

I was the network guy for a small ISP when Verisign introduced Site Finder. Believe me, at that point my boss and I decided it couldn't be worse if Satan was running those TLDs, and we weren't quite sure if it wasn't Satan running them.

Re:

[Pf0tzenpfritz]

IIRC, ICANN/IANA tried to sue them out of business in the late 1990s when they partially screwed up DNS (replacing NXDOMAIN answers with their "domain finder" landing page). VeriSign won in the last second using legal tricks and soon made friends with similar minds in the US gov. Since then they grew rapidly and -which irony- went from rogue provider to "security provider" and even CA. Wikipedia has some very insightful articled about the "domain finder" affair.

Re:

[rtb61]

Lets not forget the Verisign complaints fee, register a complaint and pay a substantive deposit to have any name taken down for any reason, all liabilities are yours and Verisign keeps the deposit money. Why the rest of the world hasn't told ICANN to take a leap with Verisign, well, I guess it is only a matter of time.

OF course...

[tjstork]

It will be a mandated purchase, for $499.00, with cost savings to make that $599.00, you cocksmoking occupiers!

Re:

[mcavic]

Like where? .ws?

Re:

[spamking]

Dibs on verisignisthedevil.com.

Re:

[Khyber]

What's sad is your ignorance of the harm VeriSign has caused the internet in general.

Re:

[fuzzyfuzzyfungus]

I'm sure their solid record of "cooperation" will prove a valuable asset when the next round of selecting-the-guys-to-run-the-.com-TLD comes around...

Re:

[HermMunster]

The answer should be not no, but hell no. We don't need VeriSign. We can find other companies that will do what VeriSign does without violating our First Amendment right to free speech.

Re:

[ultranova]

We can find other companies that will do what VeriSign does without violating our First Amendment right to free speech.

That shouldn't be hard, seeing how VeriSign only operates a few database machines. That said, VeriSign doesn't violate the First Amendment, seeing how that only prevents the government from limiting your free speech; as it turns out, that's one Hell of a loophole.

Re:

[HermMunster]

VeriSign, when working in conjunction with the federal government, works as an agent of the government. Hence, denial of their domain would be a denial of their free speech rights which would be a violation of a person's first amendment rights. And it is a first amendment rights violation. Since VeriSign does not own the domain name system nor the certificate system they are working as part of a larger project funded and likely directed by the Federal Government and hence their actions are directly tied

Re:

[Stormthirst]

Good luck with that!

Re:

[HermMunster]

Let's sort of clarify some of this for you guys. Verisign is like a sign company. It simply makes something that identifies you. It doesn't own what is created. For instance, your business name is used as a domain name. Just because VeriSign gives you the domain it doesn't mean that it owns that company name, even within the context of the domain.

If you allowed VeriSign that sort of control it would be like a sign company that made a sign for your business being able to shut down your business because

This is nuts

[GameboyRMH]

Governments and corporations keep leapfrogging each other as the biggest threat to the Internet. How are we supposed to know which threat to focus on dammit!

Re:This is nuts

[dintech]

You just have you realise that Goverment and Corporations are actually the same thing, then your job becomes easier.

Re:

[Pf0tzenpfritz]

Which is very close to the truth in case of VeriSign.

Re:

[Microlith]

Mussolini would be proud.

Re:

[WrongSizeGlass]

Governments and corporations keep leapfrogging each other as the biggest threat to the Internet. How are we supposed to know which threat to focus on dammit!

Don't trust either one. Don't take anything either one says at face value. Use caution before you proceed. The world (and the intertubes) has changed.

Re:This is nuts

[HiThere]

No it hasn't. You've just become more aware. You can trace deals like this at least as far back as the building of the railroads in the US. I believe that Britain has records of similar hijinks that go back to the middle ages. I'm sure other countries do too. They'd go back further, but corporations were invented during the middle ages. Before then, and even while they were developing, most of the slimy deals were made by individual wealthy people. Corporations didn't really become commonly dominant until after WWI, possibly as late as WWII. Before then the major problem was tycoons. And before them aristocrats.

None of them have ever been worth trusting as classes, though I'll admit that individual people were sometimes trustworthy. But that was unusual. Powerful organizations are not trustworthy. It's not money that corrupts, it's lack of consequences. You see it in corporations, you see it in politicians, you see it in police, you even see it in anonymous e-mail. It's pretty nearly universal. Some individual people avoid corruption. But it isn't what one should expect.

This is why control in civilization should be decentralized. So that people can't create for themselves "spheres of invulnerability". But this goes contrary to what everyone wants, because everyone wants a "safe space", where they can control what happens. This isn't a problem, unless that "safe space" infringes on other people.

P.S.: Anyone know a cell phone that has a white-list option? (I, too, want a safe space. A space where I can decide who is allowed to interrupt me.)

Corruption

[fyngyrz]

Money directly causes lack of consequences, or ameliorates them, often significantly. Therefore, money does corrupt. Power likewise.

Re:

[HermMunster]

Every government employee or agent of the government that violates someone's constitutional rights (any and all rights) should be charged with a crime. It is that simple. The law covering that should not allow anyone to be shielded by the government nor pardoned by the government. We'd see far fewer issues where corporations collude with the government....

as clearly is the case with VeriSign today.

Re:This is nuts

[bill_mcgonigle]

How are we supposed to know which threat to focus on dammit!

Don't. Build the distributed replacement for DNS.

Re:

[GameboyRMH]

DNS by it's nature requires some hierarchy. Either that or you end up with a system that's forced to use nonsense names like .onion sites and namecoin.

That said a DNS system could be controlled by a democratic online community, that's probably the best compromise.

Re:

[denis-The-menace]

The protocol between DNS servers would have to be changed in a P2P DNS system.

The protocol between DNS Server and clients would not have to change at the onset. Only once Corps and Govs decide to go MAFIAA on the new DNS system will the Client/Server protocol need to go Encrypted/Obfuscated. /RANT
My grand-children will not believe me when I'll tell them that DNS requests and answers used to be plain text and handled by a monopoly.

Re:

[GameboyRMH]

Yeah the encrypted P2P protocol is no problem, many systems have done that already. Administration is the problem if you want to retain anything resembling the current naming system.

Re:

[denis-The-menace]

That's where Social engineering comes in.
The same system that decides which DNSname belongs to which IP will have to Tamper/Troll proof.
-What happens when a Name changes hands?
-What happens when Judge decides to show the world he knows nothing about the DNS system to please the Rich/Gov?
That's the the fun part.

Gee, I just proved your point!

Re:

[bill_mcgonigle]

DNS by it's nature requires some hierarchy. Either that or you end up with a system that's forced to use nonsense names like .onion sites and namecoin.

The current DNS is a hierarchy, but that doesn't mean that every hierarchy has to be implemented like the current DNS, that every Internet naming system has to be hierarchical, or that any alternate system would require nonsensical names.

Re:

[GameboyRMH]

A DNS system without an administrative body would require nonsensical names. Either that, or a first-come-first-served system, which is probably worse.

Re:

[makomk]

Errm... the entire point of namecoin is that it can be used to register meaningful domain names in a decentralized way.

Re:

[GameboyRMH]

You're right, I did some research and it seems to be a first-come-first-served system (which I acknowledged is another possibility [slashdot.org]), which is easier on the fingers and memory but is actually more chaotic than a system using nonsense names. Domain squatting would be a massive problem.

Re:

[mini me]

Build the distributed replacement for DNS.

So... DNS? DNS is already distributed. You are, however, faced with the age old problem of how to convince everyone else to switch. A few takedowns by Verisign isn't going to do anything.

Re:

[bill_mcgonigle]

So... DNS? DNS is already distributed.

The root of each TLD is centralized. That's how we wind up with TFA's problem.

There's a group that has something working reminiscent of the way torrent magnet links work. I can't remember their name now.

You don't need everybody to switch - you just need to get resolvers to support the alternate lookup method and provide a better solution for enough users. If it works right, most people don't notice the alternate plumbing.

Re:

[vlm]

There's a group that has something working reminiscent of the way torrent magnet links work. I can't remember their name now.

google for namecoin ? For some value of reminiscent, thats correct, for some value of correct anyway.

Re:

[mini me]

The root of each TLD is centralized.

Yes, but there's nothing stopping us as a collective from changing who controls those roots. If we want to give com to Joe Bob, it is just a matter of having everyone update their DNS server settings.

Re:

[bill_mcgonigle]

Yes, but there's nothing stopping us as a collective from changing who controls those roots. If we want to give com to Joe Bob, it is just a matter of having everyone update their DNS server settings.

I totally agree. Then we need to worry about how Joe Bob is going to behave instead of NetSol. Mass-consensus is good, but single points of failure are undesirable.

Re:

[DriedClexler]

Right, except that would fragment the DNS infrastructure and break about 15 RFCs ... not to mention the entire concept of a URL, which is supposed to mean UNIVERSAL Resource Locator.

That's "Universal" as in, you won't have to say, "oh, yeah man, just go to example.com ... on MicroDNS, not QuicknetDNS."

Re:This is nuts

[bill_mcgonigle]

All true, and great for a time when John Postel was what it meant to run a registry. The RFC's didn't anticipate the kind of interference that NetSol is proposing.

There doesn't have to be namespace collisions, though. Why is it that Visa cards are all 4xxx, MasterCards are 5xxxx and Discover cards are all 6xxx? Couldn't Visa start issuing cards in the 5xxx range? Of course, but it's mutually beneficial for all of the players to interoperate. Nobody would trust a name service provider that was purposefully destructive (unless forced to through monopoly) so we would expect they'd operate in a trustworthy manner by default.

Also look at the world BGP routing table. It's all distributed, you have to earn trust to participate, and there are occasional mistakes. Even still, it lets me get these characters from here to wherever Slashdot's server are, and has proven effective, even if there's room for improvement. Imagine if everybody had to go register their routes through a single route registrar and make changes on their website.

Re:

[DriedClexler]

Alright, points taken and I withdraw my objection (to the extent that has any significance on Slashdot). You certainly know the topic better than I.

Re:

[BitZtream]

You can not show any single system that is entirely distributed, even all P2P crap that is 'distributed' ends up with a central starting point in order for it to be useful.

Bittorrent? Useless without trackers and torrent sharing websites ... the trackers clearly can go away, but still need the central directory for sharing files.

P2P file sharing ... guess what? Same thing, still need a central starting point to find everyone else.

Anarchy doesn't work for anything other than Anarchy. What happens when you

Re:

[icebraining]

Bittorrent already works fine without trackers, it uses DHT. You just need one - any - node to connect.

As for torrent sharing websites, how are they centralized? Anyone can build one. You can put the same torrent file on multiple, so even if one is taken down it still works.

Hell, here [magnet]. Slashdot is now a torrent sharing site, thanks to magnet links. How's that for decentralized?

Re:

[Gideon Wells]

People who are greedy, people who are power hungry, etc. are the same no matter where. They go to where the path of least resistance is. In some countries they are the inner party. In others they wear top hats and monocles. At times they lead the guilds/unions. Sometimes they co-opt the press. In some they have the top hats, inner parties, unions and press badges.

The Noble Peace Prize was created after Noble realized his peaceful and life saving invention of TNT had been co-opted for war. TNT is just

Re:

[rahvin112]

Or the invention. It was dynamite, not TNT. Two completely different things.

Pretty domain. 'Shame if something were to happen.

[cgenman]

I'm sure they will offer a service where your domain is "Pre-Verified" and not subject to abuse takedowns... For $1,000 per year, of course.

Re:

[fuzzyfuzzyfungus]

$1k/year? Can I get your Verisign rep's number?

Slightly used domains for sale

[wulfbyte]

Doesn't matter if the original owner doesn't want to sell, for a price it can be made available.

Domain Names are Corporations are people!

[140Mandak262Jamuna]

Domain Names have all the rights of corporations which are people ?

Many of these abusive domains are very fleeting and transient designed to live for just a few hours. If you want due process, it has to come before the registration. So domain name registration would then follow guidelines similar to Trade Mark and other corporation registration rules. It would slow down the registration process a lot and impact the fees Verisign is currently collecting. The domain name abuse is getting to be very bad, and it could trigger legislation. Legislation by the congress critters who imagine internet to be a series of tubes would put onerous burdens in the registrants and the registrars. So it is heading it off at the pass.

Re:Domain Names are Corporations are people!

[Miamicanes]

Well then, a reasonable compromise to limit the potential for collateral damage might be a rule that makes it impossible for them to suspend a domain that's been registered in good standing for more than a year without full due process, and provides a way to register a domain quickly, but subsequently complete a more exhaustive registration process that -- when completed -- immediately grants the domain the same protected status as one that's been around for more than a year.

That way, they can still nuke botnet command & control domains, but somebody whose domain has been around for more than a year (OR who has completed the more time-consuming registration procedure) could sleep at night knowing that Metaphorical Judge Dredd isn't allowed to touch THEIR domain. It wouldn't completely eliminate collateral damage, but it would eliminate the overwhelming majority of situations where a legitimate domain owner could suffer financial damage due to a careless or hasty employee somewhere.

Re:

[vlm]

That way, they can still nuke botnet command & control domains

Not sure why that is the responsibility of the DNS registrar. Sounds a heck of a lot more like an ISP's job at the level of the IP router / bgp feed / resolving dns server.

The purpose is probably a lot more oriented toward pirate bay, planned parenthood, 4chan, those type of dns names.

Re:

[ShavedOrangutan]

Planned Parenthood? I think you put your tinfoil hat on too tight today.

Re:

[sjames]

There are some conservative factions that consider Planned Parenthood to be the work of the devil.

Re:

[BitZtream]

Its funny that he throws Planned Parenthood into a group with others that are confirmed criminal by any sane person on the planet.

Re:

[BitZtream]

That way, they can still nuke botnet command & control domains, but somebody whose domain has been around for more than a year (OR who has completed the more time-consuming registration procedure) could sleep at night knowing that Metaphorical Judge Dredd isn't allowed to touch THEIR domain.

Yea, and so can the spammers who have been planning for this to go into effect and have had thousands of names registered for over a year now through various individual names and companies.

They can use one a day and even if it gets cut off within a few minutes of the spam starting, they'll still be making a fortune off of them.

Spammers are more than willing to play be any technical rules you want to throw at them. More spammers use SPF and Domain Keys to prevent getting marked as spam then normal mail serv

Re:

[fuzzyfuzzyfungus]

That should provide robust protections for, oh, anybody who can afford a protracted legal battle... Shouldn't be a problem.

Re:Sounds like a fine idea. . . .

[TouchAndGo]

Add in the fact that they'll probably start slipping forced arbitration clauses in their contracts like a lot of companies are doing and I can't see this going wrong at all

Re:

[fuzzyfuzzyfungus]

Are you suggesting that a kangaroo court where one of the parties gets to hire the judge, there is no jury, no record of the proceedings, and no requirement that the decision be made in line with settled law isn't Fair, Just, and Efficient?

Some people just hate America, I guess, can't reason with 'em...

Re:

[GrumpySteen]

You clearly didn't read the linked PDF file...

(c) to avoid any liability, civil or criminal, on the part of Verisign, as well as its affiliates, subsidiaries, officers, directors, and
employees;

They won't start slipping in forced arbitration clauses because they're already in there. They literally stated that the new policies are meant to avoid any liability for their actions.

Anonymous

[tekrat]

I think it's time for Anonymous to take down Verisign...

Re:

[Moheeheeko]

Sure, like THAT wouldnt add more fuel to the fire.

Re:Anonymous

[fuzzyfuzzyfungus]

A DDoS or a petty "doxing" would be boring; but my schadenfreude lobe would be pulsating with happiness if their private signing key(s) were to make their merry way into the world.... Can you imagine the mayhem?

Re:

[shentino]

I'm all for it if it gets ICANN to terminate Verisign's .com and .net registry contract.

Re:

[Pieroxy]

Well. It'll take that to make people think about our crappy system controlled by corporations. Then, maybe, we'll find and adopt something that actually works and is secure.

That said, I have an interior grin (correction, it just came out) just thinking about the face of the top-management at VeriSign the day they discover their private keys on the web.

Re:

[DriedClexler]

You know what would be even cooler? If Anonymous found a polynominal-time method of factoring large semi-primes, thereby breaking the RSA cryptosystem, and published the algorithm!

Now *that* would cause mayhem, and be perfectly legal too!

It's a little harder though.

Re:

[BitZtream]

No, it shows that you have a really childish view of the world and you need to grow up.

I effect Verizon EVERY FUCKING DAY by not paying them a god damn dime. There are legitimate ways to deal with businesses, and there are childish, obnoxious and criminal ways to deal with someone. I choose the former, and you're too ignorant to know the difference between it and the latter. The thing is, Verizon ISN'T THAT BAD, because people still give them business BY CHOICE.

The difference is, the issue thats got your

Summary execution

[pablo_max]

I am asking for such powers. Just because I asked for it, does not mean I will get it.

Two word - F*** OFF

[Assmasher]

Seriously, as if they wouldn't abuse their position, yet again...

I support it....

[Lumpy]

IF they make Digital trespass, I.E. cracking into any company's servers and DDOS attacks legal activity. I fully support them being able to do DNS resolution Attacks on their customers.

Re:

[Anonymous Coward]

Revoking DNS will do nothing to block DDOS and similar outgoing hacks. It could be used to quickly take down scam/malware pushing sites though.

Re:

[BitZtream]

IF they make Digital trespass, I.E. cracking into any company's servers and DDOS attacks legal activity.

In America thats already true.

Any Unauthorized access to a computer system is prohibited by law and punishable by large fines and jail time, has been since Mitnick's time at the least.

Re:

[BitZtream]

I should add, that 'unauthorized' means any sort of access you aren't allowed to do, regardless to how you do it. Doesn't matter if I say 'The password to my account is fifty7', unless you are specifically authorized to use it, its still illegal for you to do so, just like its illegal for you to enter my home even if you found a key without my authorization.

Yes, I read the FA.

[poofmeisterp]

They intend to 'shoot first and ask questions later.'

This is helpful for potential malware/virus/etc sites - take it down NOW and address afterwards. As long as the ones taking the deactivation move witness it themselves, it's doable.

The problem comes with reports. Let's say you get 100 reports of a domain being a nasty one in a 5-minute period of time. You just *wham-bam* take that domain down without looking at it and you could have just been the worst link in a staged act chain.

I'm not trying to be an ass, but I'm posting what I witness daily: Everyone wants to save money, including big companies. If VeriSign were to have this ability (along with other TLD registrars), then they will likely want to automate everything they can. See paragraph 2 above.

Re:

[shentino]

Here's a good way to avoid that.

Require forced takedowns to be backed by affidavits signed under penalty of perjury.

Then someone who lies to the registry and causes a false takedown gets fined or locked up.

Monopoly?

[JustAnotherIdiot]

Don't we have laws and such against these? For what reason is this company still whole?

Re:Monopoly?

[imric]

You can be a monopoly. It's not illegal.

It's illegal to abuse monopoly status, though.

Re:

[JustAnotherIdiot]

Something like this seems to fall under the category of "abuse", but I'm sure the well oiled lawmakers see it differently.

Re:

[imric]

*chuckle* Not the power to abuse, but the act of abuse. Lawyers will get paid every time it happens. *cha-ching*

Re:

[russotto]

Something like this seems to fall under the category of "abuse", but I'm sure the well oiled lawmakers see it differently.

The US government WANTS this. They can then do takedowns without even the pro forma court-orders they get now; just a word to Verisign and the domain is gone, no questions asked.

And this is how censorship is privately done.

[unity100]

See. If you 'let it be' and everything becomes private, you end up in that situation - private parties, on which you have no rights over, decide how you live your life. what you hear, what you can know.

Re:

[BitZtream]

I can choose to use a TLD other than .com, making this another one of your angsty yet utterly ignorant posts.

yes.

[unity100]

and the interests behind this will be as stupid as to not pursue any further avenue to censor is it. are you forgetting that icann is a private american corporation, and currently holds domain name system ?

Process

[MrSmith0011000100110]

What's the process to report an abusive domain? I've taken as much abuse from these people as I can stand. I'd like to report verisign.com

Re:

[shentino]

verisign.com has sovereign immunity because it is owned by the registry responsible for the domain it is under.

See: allodial title.

If you have any beefs with verisign's handling of the internet you'll have to take it up with ICANN.

Send Comments to ICANN

[GeorgeK]

Thanks for accepting the article. ICANN is still reviewing the proposal. If folks share my concerns, please do send them your comments by emailing registryservice@icann.org (from the top of ICANN's Registry Services Evaluation Process page [icann.org]). You can view comments by others here [icann.org]. EasyDNS has submitted their concerns too.

At a minimum, they should open up a formal 30 day public comment period that is widely advertised, in order that domain name registrants can be heard.

This might make sense for domestic-only...

[davidwr]

... in countries where the government-licensed utilities already have this power.

If TLD management were split among countries, so that Verisign handled .com and .net for US-based companies and foreign subsidiaries or foreign registrars handled it in foreign countries, then this kind of power might make sense for some foreign subsidiaries of Verisign or for some foreign registrars.

As for companies based the United States who use a domain registrar in the United States, yanking a domain name without a court o

Just say no to idiocy

[RHoltslander]

Just say no to idiocy. I hope their "proposal" is rejected as the bad idea that it is. Mind you, it just encourages me and everyone else to dump this monopoly in favour of other ones that are less obnoxious. I.e. other domain registries e.g. country codes or .org or whatever.

Re:

[HiThere]

Unnh...ICANN is authorized by act of congress. They have a contract with Verisign. So this is a legally authorized monopoly.

You can only "dump it" by refusing to use the *.com and *.org domains. (I *think* org is the second one.) So the question would then be "Who do you want to register your domain with?". Fortunately there are more answers this year than there were a few years ago, and fewer people are even aware what the domain is...but I'm always a bit hesitant when the link is to a domain that I d

This is a great idea.

[idbeholda]

I propose that they should not only implement this idea, but to track down the offenders and subject them to a gratuitous full body cavity search. You should be glad they won't need or require your consent, as this will be for your own good.

Get fucked Verisign

[thetoadwarrior]

Anyone who thinks this won't be used to either bully the little guy into giving up his domain for corporations or just milk more money from customers is being very naive.

There are some benefits to a policy like this

[jeffnathan]

If you sum the number of days in each step of the Uniform domain name dispute resolution policy you quickly see that it can take tens of days to get a malicious domain shutdown. ICANN has long been in need of the ability to quickly react to burgeoning threats and though the ambiguity of the policy as described is concerning it's not without merits.

In other words

[sl4shd0rk]

Verisign wants all your base are belong to us

"Did not consult with end users"

[Animats]

Q: Were consultations with end users appropriate? Which groups were consulted? What were the nature and content of these consultations?
A: As a registry operator, Verisign did not consult with the registrants of .com/.net/.name domain names.

Verisign is trying to expand their central but minor role as a registry operator into control of the whole system. Their agreement with ICANN expires on November 30, 2012, and, ICANN could choose to get another registry operator. Right now, no proprietary technology or big staff is needed to be the registry operator. This added complication would make it tougher for ICANN to switch registry operators.

So that's why they're doing this.

take away ssl certficate power from corporations

[rubycodez]

The whole certificate process is flawed, instead we should just have a way of proving that the authoritative dns servers of a domain agree a web site is the legitimate one. This can be done with public keys and crypto fingerprints. No need to pay the kind of scum that runs Verisign (the company that broke the internet one day with their money grubbing schemes) any money.

Re:

[MightyMartian]

If ICANN wouldn't tear those TLDs out of Verisign's hands despite the fact that they basically broke DNS (and a bunch of other things, most infamously a lot of SMTP anti-spam measures) with their "Site Finder" service, I doubt very much that there's anything Verisign could do right now that would compel ICANN to go after them again.

Re:

[maxwell demon]

They cannot be shut down, nor stopped. That is a wonderful thing - as long as a government has the ability to do something, it will find a way to use it to the detriment of its people. The best way to fight that is to remove the weapon from their insane fingers...

VeriSign now is the government?