Paul Vixie And David Maher On VeriSign Wildcarding 264
chromatic writes "The O'Reilly Network has just published an interview with Paul Vixie, chairman of the board of the Internet Software Consortium and a primary author of BIND. Topics include the recent VeriSign controversy, ISC's BIND patch in response, and other potential issues that might come to light in the near future." On a related note, dmehus writes with a link to the letter sent by David Maher, chairman of the Public Interest Registry -- the .org registrar, to ICANN President and CEO Paul Twomey. "The letter says that it supports ICANN's call for VeriSign to voluntarily suspend SiteFinder and the Internet Architecture Board preliminary position paper. It goes on to say that PIR will not be implementing any DNS wildcard to the .ORG zone. It urges ICANN to stand its ground, but also to implement a policy preventing registries from taking this kind of unilateral action in the future." The letter is in .doc format, but AbiWord and OpenOffice.org both open it fine.
Know what's great about these Verisign stories? (Score:5, Funny)
Re:Know what's great about these Verisign stories? (Score:2, Interesting)
Verisign has certainly been building up hatred for a long time.
I propose a battle between the two for the ire and dislike of
Been there, done that (Score:2)
googlefight.com
sco( 300 000 results) versus verisign (1 760 000 results)
The winner is: verisign
Re:Been there, done that (Score:2, Funny)
Therefore, SCO sucks more! (for now)
Re:Been there, done that (Score:5, Funny)
Re:Know what's great about these Verisign stories? (Score:5, Insightful)
That's one I won't be reading...
To be honest (Score:2, Flamebait)
Re:To be honest (Score:5, Insightful)
You're telling me that if you get a "server not found" page, you're too stupid to figure out you misspelled something?
This is an absolute abuse of Verisign's position. They are contracted to *maintain* the database, not warp it to their own *commercial* purposes. If this was actually a valid service, they would have had no trouble with proposing it to the Internet standards bodies before implementing it. Instead, they're defying those organizations. Worse yet, they've actually put me in the position of agreeing with ICANN.
Re:To be honest (Score:3, Informative)
As has been said numerous times, this has nothing to do with the "root" servers, only the com and net TLD servers. ISC has already produced a very nice fix for Bind 9 so this doesn't really affect people using it anymore. Just designate the com and net zones as des
Re:To be honest (Score:2)
Not that this solution means that VS is righ
Re:To be honest (Score:5, Informative)
Verisign is being extremely short-sighted. This whole deal reeks of a moronic manager who thught this would be a 'wonderful' idea.
Re:To be honest (Score:4, Interesting)
The Executive Team (Score:3, Informative)
http://www.verisign.com/corporate/about/executive
Re:The Executive Team (Score:5, Informative)
Re:To be honest (Score:2)
Re:To be honest (Score:4, Insightful)
With those words (an absolute abuse) you just described most of what Verisign has done.
Folks should remember, this is the company that was contracted to *maintain* the database until one day they decided that they *owned* the database... (errr... okay... if I get paid to clean all the cars at the dealership can I decide one day that I own them all and get away with it?)
And yet somehow years after that magical acquisition of property rights they've still got the contracts. They've gotten away with all kinds of stuff and like a spoiled child they'll keep taking more until (if ever) someone takes away their privileges and sends them to time out.
Gotta agree with you that there's no way that any benefits that stupid Sitefinder page provides make up for the abuse of position and random chaos it's caused.
Re:To be honest (Score:5, Insightful)
I think the main thing that has admins screaming, however, is that SiteFinder breaks so many other services just to provide a questionable service for web surfers. Sure, surfers may benefit, but email admins, DNS admins, and many others are banging their heads against the wall because of the problems Verisign's divergence from accepted protocol has caused them.
Just a thought.
Re:To be honest (Score:5, Interesting)
(Posted anonymously to avoid a rampaging mob outside my house)
I'm a professional spammer. Well, that's a harsh term. I run bulk-email servers. I trust my clients that their entire list has double opted-in when they say so. Most are quite legitimate mailing lists; some are probably not.
This new bug is a godsend, but not for the reason a lot of people are saying. I don't fake "from" addresses, so I don't get any added anonymity from a wildcard.
What I do get is the ability to send my emails that have bad domains in them to a nominally but not effectively existant box at Verisign. I no longer get bad domain bounces to worry about.
Re:To be honest (Score:2, Insightful)
Verisign can essentially force spammers to take wild shots in the dark. Now, instead of being able to scan for dead email addresses and domains, they have to mark all addresses on their list as current. They simply couldn't know whether an email address was taken offline because any bad address goes to the big Verisign server in the sky.
So this makes the spammers' work more expensive through higher fees from people like yourself who are act
Re:To be honest (Score:2)
Besides, sitefinder is a pretty obvious address. Even if you wanted to keep addresses @ A records, you could just filter out a single IP.
Re:To be honest (Score:3, Informative)
VeriSign's mail server is called the Snubby Mail Rejector Daemon v1.5
v1.3 wasn't fully SMTP compliant: See here. [ietf.org]
v1.5 now responds a little more properly: See here. [ietf.org]
It rejects them anyway.
Re:To be honest (Score:5, Insightful)
Re:To be honest (Score:2)
Odd that we haven't heard from MSFT on this one. Perhaps their lawyers are still niggling the words of their complaint, but I have to believe that MSFT will come after Verisign.
Of course, then we get into a "who do we hate more" conundrum, but they're always entertaining.
Re:To be honest (Score:2, Insightful)
Re:To be honest (Score:3, Insightful)
Re:To be honest (Score:3, Interesting)
The "fix" is in the wrong place (Score:2)
Your user agent (ie your browser) is what should be doing this for you if you so desire.
Re:To be honest (Score:2)
It's not everyday you see a +5 Flamebait.
Re:To be honest (Score:2)
Re:To be honest (Score:5, Informative)
You don't get to in this case.
Also all the world is not http... the protocol level is the worst possible place to do this.
Re:To be honest (Score:2, Insightful)
On the other hand, using software that thinks it knows what I want better than I do annoys me. Like if I'm sending a user a printout with the username and password I've assigned to them and the stupid work PC I'm using has Word setup to capitalize things
Re:To be honest (Score:3, Insightful)
So you have a program which checks your spelling but you don't have a spellchecker. That's an interesting viewpoint. You'd never catch me using that crappy unleaded petrol; I much prefer the petrol with the lead taken out.
TWW
legalities (Score:5, Insightful)
Re:legalities (Score:4, Informative)
when you buy a domain from rcom, your page automagically defaults to a page. This page is pretty much an advertisement for rcom and such. it drives revenue towards rcom.
many MANY people thought this was crooked, so there was a civil suit.. which rcom lost.
I couldn't see a case like this wouldn't run the same, since both the rcom parked-page service and this have search links and nifo that drive revnue to their respective companies...
Re:legalities (Score:4, Insightful)
This lawsuit was fairly frivolous if you ask me. It was covered on Slashdot a while back here [slashdot.org].
This is nothing like the Verisign case - what they are doing is abusing a monopoly position, and in doing so, causing havoc with a number of internet-based pieces of software, most notably spam filters.
Re:legalities (Score:4, Informative)
if i register abacadaba.com, and abacadaba.com becomes the biggest thing next to yahoo and slashdot combined with sex.com... everyone would want to go to abacadaba.com, or so i hope.
all mispellings on my idea, and my trademark if ihave it trademarked, will go to versign. they'd effectively be making money off of me via a transitive property.. sorta. people want to see my site which makes money, verisign takes all mispellings of my site.. people make verisign money!
whoa.. i think i just proved step 2
Re:legalities (Score:4, Funny)
Please, please, please never suggest slashdot combined with sex.com again.
The vision that flashed in my head when I read it made me what to flush my eyes with acid while destroying my occipital lobe with a baseball bat.
And I don't think I'll be able to keep down food for a week.
Re:legalities (Score:2)
Going through all of the DNS RFC's, all of them assume or require that when a name is not found, the DNS server return an error.
Going through them in historical order: RFC 811 specifies that if the name is not found, a 'NAMNFD' code is returned. RFC 1034 also talks about sending "a name error indicating that the name does not exist" and "A name error (NE). This happens when the refer
Re:legalities (Score:4, Informative)
I believe that Verisign's use of a wildcard to map all DNS requests for *.com to their web site violates the relevant RFC's.
Going through all of the DNS RFC's, all of them assume or require that when a name is not found, the DNS server return an error.
Going through them in historical order: RFC 811 specifies that if the name is not found, a 'NAMNFD' code is returned. RFC 1034 also talks about sending "a name error indicating that the name does not exist" and "A name error (NE). This happens when the referenced name does not exist. For example, a user may have mistyped a host name." It also discusses caching name errors for efficiency, which of course only makes sense if the authoritative DNS servers actually issue name errors (which Verisign is now not doing). RFC 1035 specifies that if "the domain name referenced in the query does not exist" that a "Name Error" be returned.
There is a wildcard mechanism in RFC 1034, but it's defined to apply to '"*.<anydomain>", where <anydomain> is any domain name' which makes it pretty clear to me that it's not intended to apply to domains. To emphasise this, all of the examples of DNS wildcards are of the form *.X.COM or *.A.X.COM.
I think Christmas Islands needs to follow Verisign (Score:5, Funny)
Re:I think Christmas Islands needs to follow Veris (Score:2, Funny)
Just surf slashdot at -1, and you'll never need to type goatse.cx - thus, no worries about mis-spelling it.
Get your Patched BIND for Slackware (Score:5, Informative)
The more ISPs that use this, the more uncommon the SiteFinder 'service' becomes---the less users expect it.
Remember when popups where not expected? After using mozilla for a while I simply cannot stand them now!
---
Re:Get your Patched BIND for Slackware (Score:5, Informative)
Re:Get your Patched BIND for Slackware (Score:4, Informative)
Or if you're running BIND 9.2.3rc3 just add: options { root-delegation-only exclude { "cc"; "de"; "lv"; "museum"; "org"; "us"; }; }; This SHOULD be the default behavior for TLDs IMHO and I'm glad they're introducing the exclude list behavior.
Re:Get your Patched BIND for Slackware (Score:2)
Debian? (Score:2)
Would be great to apt-get upgrade and see this in there by default...
Re:Debian? (Score:3, Informative)
Re:Get your Patched BIND for Slackware (Score:2)
Is there any other more trusty place to d/l from?
DNS tweaker for Windows (Score:4, Interesting)
Yours truly put together quick utility - dnsfix [cipherica.com], which monitors inbound DNS responses and tweaks result codes from 'success' to 'no-name' for those referencing specific IPs. In other words, it can be used to transparently negate the effect of VeriSign's SiteFinder "service" and restore DNS behaviour expected by (currently broken) spam filters and alike.
Now this is interesting (Score:5, Interesting)
Some people suggest that administration of the DNS is a public trust, and that VeriSign is merely the caretaker of this system, not its owner. And now VeriSign has abused that trust. That may be true. Before a few days ago it didn't matter whether VeriSign was the owner or a caretaker. Now it matters a lot. VeriSign kicked a sleeping dog. It's a bizarre thing to do. Was it really VeriSign's decision to make, unilaterally? Did it need permission to make this decision? If so, what entity has the authority to grant such permission?
If you think about this from a social point of view, not just technical, this is absolutely fascinating (rather than just irratating/punch-provoking): here's an ability, that was theoretically possible all along, to have this big effect on something lots and lots of people use. No one made use of it before. Now someone has, and it's
Who's responsible? Who gets to say "No, you can't do that", or "Yes, you can"?
I know what I think is the right answer, and it's what (probably) the rest of you think. But the final answer isn't up to you and me, or at least not you and me alone. Watching that process of who-gets-to-decide is going to be at least as interesting and precedent-setting as what the final decision ends up being.
Re:Now this is interesting (Score:5, Insightful)
There's a certain relationship between a consumer of infrastructure and a provider of it. The consumer must trust the infrastructure to do what it is supposed to do, and nothing more.
This is no different from ISPs randomly redirecting users to their own branded search engine when you type in "www.google.com", or an ISP's employee intercepting passwords and using them to steal money.
Infrastructure providers inherently have a lot of control over the services they provide. There is a duty there to provide the service as expected, without changing the content that is carried.
Verisign's position as a chartered monopoly makes this duty even more important, because consumers have no choice to use an alternative.
I'm not sure what you mean by "No one's made use of it before"... No one else could make use of it (in
Other CCTLDs have used wildcards before, but no one much cares about some island that is abusing the CC system to make extra money.
Re:Now this is interesting (Score:5, Interesting)
Bad choice of words: As you mentioned, I understand that other TLD registrars have made use of this before. Amended sentence: no one in this position of power (.com and .net being what they are) has made use of this before.
This:
This is no different from ISPs randomly redirecting users to their own branded search engine when you type in "www.google.com", or an ISP's employee intercepting passwords and using them to steal money.
and this from the comment below:
I do....I, and all the other sysadmins out there, decide whether SiteFinder works or not.
are exactly what I'm talking about when I say that this debate is fascinating. In all honesty, I'd give a lot to sit down w/whoever at Verisign and ask them these same questions -- not necessarily to provoke the answer that I feel is right, but just to see how separate groups of intelligent people come to utterly different answers about these questions.
Re:Now this is interesting (Score:5, Insightful)
I do. I run the DNS servers at an ISP, and I am planning to apply the ISC patch that restricts delegation from root servers (as soon as the bugs are shaken out of it -- give it a week or two.) I, and all the other sysadmins out there, decide whether SiteFinder works or not.
Re:Now this is interesting (Score:3, Interesting)
I guess if you look at the way Verisign has tried to build
Re:Now this is interesting (Score:4, Interesting)
How about we give verisign what it wants - traffic to nonexistent domains.
People with webpages should start having 1x1 img links to nonexistent domains. Should be one pixel by one pixel, in case the image from verisign is not desirable.
e.g. img src=http://www.asdasdnrerwtc.com/ height=1 width=1
That way verisign gets traffic for every page.
You can even make a "broken ribbon" logo with a fancy table and lots of 1x1 images and coloured 1x1 image. There's a small chance it could get subverted and show the wrong image.
Entirely a nitpick, but... (Score:3, Informative)
Though I agree with everything he said (and thought he did so quite eloquently), it's a bit disheartening to see the chairman of the ISC refer to NXDOMAIN as a 404.
Re:Entirely a nitpick, but... (Score:2)
And where have we heard that before? **cough*ralsky*cough**
Anybody know Verisign's CEO's home address? (Score:5, Funny)
We can say that we were all on our way to the grocery, made a wrong turn, and ended up at his house.
Then we can demand to buy groceries.
I'm sure he won't mind. Everyones ends up at his site for that reason, right?
Re:Anybody know Verisign's CEO's home address? (Score:5, Funny)
Try some of these:
Clean, to the point. [idontappre...search.com]
A little better [verisignsc...monkey.net]
the best I've got. [mayverisig...allrot.com]
Oops. (Score:2)
Can't do that here... (Score:4, Funny)
Re:Anybody know Verisign's CEO's home address? (Score:3, Informative)
Not done yet? Uh huh, keep reading.
Fine, I'll snip out the relevant parts for you:
.ORG Letter in plain text for MS Haters (Score:5, Informative)
President & CEO
ICANN
4676 Admiralty Way
Suite 330
Marina del Rey, CA 90292
September 22, 2003
Dear Paul,
Public Interest Registry (PIR), the operator of the registry of the
PIR also supports the Internet Architecture Board (IAB) statement on the same subject as set forth at:
http://www.iab.org/documents/docs/2003-09-20- dns-w ildcards.html
DNS is a critical piece of Internet infrastructure. Internet services such as the WWW and Email rely on DNS to function, and there should be no interference with the established protocols until there is complete assurance of no negative impact on the DNS.
In another context, the Internet Architecture Board (IAB) has commented:
"At the core of all of the IAB's concerns is the architectural principle that the DNS is a lookup service which must behave in an interoperable, predictable way at all levels of the DNS hierarchy. Furthermore, as a lookup service it is such a fundamental part of the Internet's infrastructure that converting it to an application-based search service
Page 2
appropriate even in the case where the query presented would not normally map to a registered domain."
The architectural principle referred to by the IAB is clearly violated by the changes proposed for the
On Monday, September 15, VeriSign changed the behavior of the
Because the VeriSign Site Finder server makes it appear that a non-existent domain exists, the service introduces significant problems to critical Internet infrastructure. Many other important Internet protocols rely heavily on proper DNS behavior. The impact of VeriSign's Site Finder is unclear with respect to security of the DNS. Site Finder unilaterally precludes the use of a prevalent type of anti-spam mail filter that uses DNS to validate the domain of legitimate eMails.
Because VeriSign's servers are authoritative for the
We are informed that other domain registries may be exploring services similar to the VeriSign Site Finder. (As noted above, PIR will
Page 3
not be one of them.) If this is the case, our comments concerning Site Finder apply with equal force to those other services. We believe that any such efforts to alter the TLD DNS systems, of which the VeriSign Site Finder appears to be the most prominent example, adversely affect the Internet infrastructure and the entire Internet community.
Therefore,
Oh, and for those of you who like plain text: (Score:3, Informative)
First they came for .cx (Score:5, Funny)
Then they came for
but I didn't care because I haven't been in one in ages.
Then they came for
But I didn't care because I've never heard of them.
Then they came for
and nobody cared because it's common business practice.
Note: according to a posting I just looked up, at least 11 TLDs (.cc,
Re:First they came for .cx (Score:3, Insightful)
Re:First they came for .cx (Score:4, Informative)
Why? Well firstly, .musuem is a highly restricted domain, and secondly it's all to do with how museums operate. If I go to the London Science Museum and start asking for paleontology information, they will redirect me across to the National History Museum. The wildcarding is just a virtual way of helping people find what they are looking for, which makes sense.
".com" on the otherhand, is a largely unregulated free for all of firstcome first served registrations and lawsuits, trying to apply a structure to that is insane. A good analogy I saw from another poster here on Slashdot was the difference between the alt.* and comp.sci.* heirarchies on Usenet. Do *you* want to try being a moderator on .alt?
.org, .us, .do .it (Score:5, Interesting)
For those in the
The only thing Verisign will understand is people speaking with their dollars. And yes, I personally have switched my domains over to
Sure, business cards and letter head still say
Re:.org, .us, .do .it (Score:2)
Did anybody have any luck (Score:5, Interesting)
I'd appreciate any suggestions.
Re:Did anybody have any luck (Score:2)
~Will
Re:Did anybody have any luck (Score:2)
The root of the problem (Score:4, Insightful)
Verisign Troubles? Contact these people: (Score:5, Informative)
By email, phone, fax, telegram, or letter (or better, several of these), let them know what you think. These are the people who can give Verisign reasons to change their behavior.
Stop Verisign DNS Abuse Petition (Score:5, Informative)
It's now here [whois.sc] having been Slashdotted last time....on a better server this time, though (we hope!), so be gentle....
It's good to see that PIR is taking the high road. If .com/net are ever redelegated, I'd much rather they run it, than someone who would be looking for every opportunity to squeeze out nickels and dimes ($100 million/yr!) from the internet community, via abuse of their monopoly. Or, perhaps a corporation with a solid reputation (maybe IBM?) would step up, to replace Verisign.
bootleg patches? (Score:3, Interesting)
Take back the roots (Score:5, Interesting)
Why not just take back the roots? The only reason Verisign can do what they do is because the GTLD servers they control are delegated to by the root servers (not sure who controls those anymore, but it can't be good). And those root servers are configured in the hint file of name servers all over the internet. So who controls those? We (who have our own name servers) do.
It's a little harder, but not a lot harder, to just run your own root zone. The biggest thing is to gather up all the NS records and associated A records for each TLD. That's a small list (relatively speaking), so it could be done via a few hundred dig commands to the root servers. Or it can be downloaded. Now once you have that data, you replace the .com and .net zones with your own. Of course that begs the question, replace it with what?
If enough people with enough server/network power get together, they can make their own independent "realm" of domain name space, starting with a replacement root zone (as has been done in the past to add new TLDs), and a replacement for both .com and .net.
I can just hear the complaints now (and I've heard them before): "But this will fragment the internet". My answer is: Yes!!!! yes it will! all the better. Imagine being in a whole different name space realm away from spammers and evil corporations. And maybe you can meet me in the .mp3 TLD.
Take back the roots! (Score:3, Informative)
Skapare writes:
Re:Take back the roots (Score:2)
Verisign can break Vixie's patch - here's how (Score:4, Informative)
Verisign can break Vixie's patch. All they have to do is set up a separate name server which pretends to be a .com and .net server, with the very same wildcarded A-record. Now just put in wildcarded NS-records in the actual .com and .net zones in the real GTLD servers (in place of the existing wildcarded A-record). There, now it really looks like a real delegation to a different name server, just like real domains have. The new delegated wildcard server gets the query next, due to the delegation (that looks like a delegation, hence fools the patch), and due to its wildcard (and it doesn't need any other data from the .com or .net zones, since it doesn't get delegated to for real domains), it will answer with an A record of Verisign's choosing. If Verisign wants to keep doing what they are doing, they can defeat this patch by that method.
Then we'll have to make DNS servers filter out specific delegations (as opposed to filtering out non-delegation records where there should be only delegations). Verisign could rotate those delegations daily and fool efforts to block it.
SSSSHHH!!!! (Score:2)
Don't give them any ideas. I'm convinced marketing thought up the last one, and the techs who implemented it were probably resentful, and did it as simply as possible.
Now everyone... just lower your weapons, slowly.... slowly...
Question about spam filtering problems (Score:2)
Why can't we work around this by instead of checking if the address is valid, check if the address comes back to Verisign's server???
What if it was Google rather than sitefinder? (Score:2)
What if rather than sitefinder, it redirected you to google? The "feature" they are trying to convince us they provide is basically spell checking the URL you type. "salshdot.org? Oh... you meant slashdot, here let me take you there."
What if this had been done in a more acceptable way, where profit leeching wasn't a suspected motive? Would we still complain?
And btw, the
Re:What if it was Google rather than sitefinder? (Score:3, Interesting)
It is not the person, it is the act.
You not seeing a down side is neither here nor there, if you want this functionality, install software on your local machine to do so.
It's the same issue (Score:5, Insightful)
Whether it's SiteFinder, Google, or even Slashdot, the issue is not so much (or at least not only) the fact that a website comes up instead of a 404. It's the fact that practically everything automated breaks because this "service" is oriented toward humans. Consider:
I'm sure there are others, but the point is that what's good for human users is not good for computers, and it should be the client, i.e. the thing interacting directly with the human user, that interprets the computer responses and makes them easier to use for humans. (There wouldn't be nearly as much uproar over this if Verisign had, say, made a deal with Microsoft to redirect all NXDOMAIN queries to SiteFinder; in that case it would be an Internet Explorer, i.e. client issue, and DNS itself would be unharmed.)
Re:It's the same issue (Score:3, Insightful)
Kerosene (Score:2)
#!/usr/bin/perl
srand();
my @alpha = (a..z);
my @prefix= qw( www web1 web2 ftp mail dns ns1 ns2 ns3 dns1 dns2 dns3 );
my @suffix = qw ( com net );
$|=1;
while(1) {
my $length = int(rand(16)+1);
my $n = "";
for (0..$length) {
$n.=$alpha[int(rand(26))];
}
my $p = $prefix[int(rand($#prefix))];
my $s = $suffix[int(rand($#suffix))];
$l = `nslookup $p.$n.$s`;
print $l;
sleep int(rand(5))+1;
}
enough crap in their database, it won't be good for mark
Don't do that! (Score:2)
Instead, hit the IP addresses of sitefinder and sitefinder-idn.verisign.com directly with bogus HTTP requests instead. I can't be sure, but I'll bet they don't record the requests at the DNS server, but at the webserver because the logs are probably easier to process with existing web analysis tools.
(Does anyone know if you can directly ask a root server about a domain? I didn't think mere mortals could)
Query the Verisign roots for bogus .COM names (Score:4, Informative)
Any host can make non-recursive requests to the root servers.
Technically, if a query for whatever.com arrives at a root server, it should only return the list of NS records for .COM, and if a query for whatever.com arrives at an authoritative server for .COM (many roots are also .COM servers), it should only return the registered NS records for whatever.com.
In fact, that is exactly the problem -- the Verisign roots should return only NS or NXDOMAIN records, but for names in .COM .or .NET, they instead "synthesize" an A record, pointing to sitefinder, with a 15 minute TTL (cache lifetime).
The various hacks either ignore the specific A record, or ignore records from root servers other than NS. The latter is a cleaner approach, IMHO.
Trademark Infringement (Score:4, Interesting)
If your ISP hasn't fixed this yet, go to http://ibm-asdf-hardware.com [ibm-asdf-hardware.com]
Do you think IBM might be a little bit pissed off about their trademark being used to point to someone else's computer hardware site? Do you think they might, I dunno, sue?
How about all these other blatant trademark infringements:
http://ibm-asda-hardware.com
htt
http://ibm-asdc-hardwar
http://ibm-asdd-hardware.com
http://ibm-as
http://ibm-asdg-hardware.com
htt
http://ibm-asdi-hardwar
http://ibm-asdj-hardware.com
As I see it, Verisign is facing a not-quite-infinite number of trademark infringement lawsuits. And, of course, if Verisign switches to point to IBM, I'm sure hardware.com would be delighted to fire their own volley of lawyers.
A 404 error message? (Score:3, Redundant)
What? How the hell do you get an HTTP 404 error message if there's no server to even connect to?
Mr. Vixie is surprisingly neutral (Score:3, Insightful)
He seemed reserved, while calmly pointing out, part by part, what is wrong with Verisign's actions. More of this is called for from the important people in the Internet technical and business community - the way community coverage has been heading, and the way comments are worded on Slashdot and other sites, is leading to resentment, anger, name-calling, and joking about Verisign and their policies, creating a situation in which the community is less likely to be taken seriously by Verisign, Microsoft, AOL, etc. Mr. Vixie also mentions that there are smart people at Verisign, reminding us that the Sitefinder "service" is the brainchild of but a handful of people, maybe even just one or two. It reminds me that as engineers, we still have to work with the other guy at a certain level.. becoming enemies doesn't help anything.
Mr. Vixie is saying that perhaps ICANN should "do something about it". This whole situation should be approached by attorneys general, from the both the branding/business practices angle mentioned by Mr. Vixie, and also from the consumer rights angle (much like telemarketers). Right now the average consumer can get effectively get rid of telemarketers, thanks to recent laws, with a single verbal or written request, but the Sitefinder service can only be circumvented using DNS tools by an engineer or technician "in charge" of the DNS servers. The web-browsing consumer has no way around this by themselves.
Re:Mr. Vixie is surprisingly neutral (Score:2)
Doublespeak? (Score:2, Insightful)
What the flip is ICANN doing? (Score:2, Insightful)
In the past, ICANN has always made a song and dance about the crucial need for DNS stability, yet now, in the face of a unilateral move that causes great instability, they meekly ask Verisign to please stop. If ICANN are too spineless to act, then the Department of Commerce needs to step in. Despite the contractual complexities (see Karl Auerbach's blog [cavebear.com]), Verisign have committed a fundamental breach of trust, and the DoC should reallocate responsibility for .net and .com as soon as practically possible.
Terms of Use (Score:2, Interesting)
Couldn't they be sued for not providing some way for users to discontinue use of their service? It's like the shrink wrapped EULA, exce
It appears site finder has already been suspended. (Score:2)
Host www..com not found.
www..net
Host www..net not found.
www..org
Host www..org not found.
Did we win?
Re:It appears site finder has already been suspend (Score:2)
If they want to wildcard their names... (Score:3, Funny)
Re:Year 2039: Grandpa, what's a 404 error? (Score:3, Informative)