

ICANN Gives VeriSign 36 Hours to Pull Sitefinder 449
Froomkin writes "ICANN this morning announced that it sent VeriSign an ultimatum: pull sitefinder by tomorrow evening or we'll sue. Details and links to discussion of the contractual and legal issues in ICANN Throws Down the Gauntlet to VeriSign on Sitefinder at ICANNWatch." Update: 10/03 19:29 GMT by M : Verisign blinked.
Ummm... (Score:3, Insightful)
Re:Ummm... (Score:2, Funny)
Re:Ummm... (Score:5, Insightful)
Neither. Rather, think of it like two gangs fighting over territory, in this case, control of DNS.
For what it's worth... (Score:2)
I suppose if your software counted on receiving domain not found errors to function properly it could be a real problem.
Re:For what it's worth... (Score:5, Insightful)
Re:For what it's worth... (Score:2, Funny)
Re:For what it's worth... (Score:3, Insightful)
Given that they implemented sitefinder with no warning, it is unlikely that they give any warning before implementing the 'feature' I mention above...
Re:For what it's worth... (Score:2)
Sitefinder rejects mail (Score:3, Informative)
--
Simon
Re:Sitefinder rejects mail (Score:4, Informative)
I don't know if it's changed, but when Sitefinder first went up the smtp daemon was bouncing the mail after accepting the entire message. You'd get a bounce but they (could) have a copy of the mail.
Re:For what it's worth... (Score:5, Informative)
220 sitefinder.verisign.com VeriSign mail rejector (Postfix)
HELO dsnjkas
250 OK
MAIL FROM: <sdnjkas@com.com>
250 Ok
RCPT TO: <sdnjkasd@sdnfjkasd.com>
550 <unknown[xxx.xxx.xxx.xxx]>: Client host rejected: The domain you are trying to send mail to does not exist.
Re:For what it's worth... (Score:5, Informative)
Re:For what it's worth... (Score:5, Insightful)
The $64,000 question is, can the domain not found response be modified at all without breaking the protocol? For instance, to have older programs recognize the error, but next generation programs (web browsers mainly) be able to return useful information like possible alternatives? This would allow for smarter, more functional programs without breaking legacy apps.
Re:For what it's worth... (Score:5, Insightful)
They already kind of do this, trying different combinations of appending .com, prepending www., and that could be expanded into a wider search. Invalid domains can be turned into search terms.
This is a UI issue, not a protocol issue. It can best solved in the UI, i.e., in the browser. And the browsers, while not always acting in good faith, have done exactly this.
Re:For what it's worth... (Score:5, Informative)
Here, have a loot at the IAB's point of view [iab.org]. They make a powerful case against the use of wildcarding in top level zones. The big thing is that it breaks a whole lot of protocols. HTTP isn't really that big a deal. ISPs could easily handle that in their DNS systems. Currently there are so many public and private protocols being used that nobody, not even Verisign, can properly provide for them using a wildcarding sytem, yet that is what Verisign is actually doing. And they are doing it very badly.
It increases network traffic, incurring more cost to ISPs and consumers. It makes it very difficult to present proper error codes for protocols that Verisign did not anticipate such as IRC. It breaks old protocols for which clients are not being developed but still provide a valuable function. For protocols that are still supported, it incurs higher costs for those users since the developers will need to update their software. There are so many problems with wildcarding that even the IAB gave up listing them after a dozen or so.
Re:For what it's worth... (Score:5, Insightful)
That's something I specifically wanted, and configured Mozilla to do. Google is rather good at guessing what I wanted when I mistype stuff.
And it's a feature that VeriSlime have now broken for me. Sitefinder is almost completely useless at guessing my typos, and the only way to get the old behaviour back is patching DNS to return NXDOMAIN like it used to.
Many ISP's in New Zealand are already running a patched DNS that ignores VeriSlime. My current ISP is one of them, but I still keep seeing sitefinder in places like the ODP editor.
Hell, that brings up another point. The ODP editor interface has various tools for checking that sites still exist, so that editors don't have to go through the tedious task of checking them all periodically. Guess how SiteSquatter affects those tools?
Re:For what it's worth... (Score:5, Funny)
There is NO NEED to ABUSE the DNS PROTOCOL. If you feel an APPLICATION needs to behave a certain way when an NXDOMAIN response is appropriate, rewrite the application to do that.
LOOK:
Browser/options/network (or something):
When server does not exist
[.] Display modal error message
[.] Display non-modal error message
[X] Redirect to:
[.] Domain search site A
[.] Domain search site B
[.] Domain search site C
[X] Custom search:
[ http://www.indiesearchguys.net?host=%h ]
Hey, I added value to one application without BREAKING ANYTHING ELSE! I must be some kind of GENIUS in the field of the OBVIOUS!
Re:For what it's worth... (Score:3, Insightful)
Can it be? Yes. Is there any reason to? No.
DNS has a specific purpose. It takes a hierarchical, human readable name, and gives back an
Repeat After Me... (Score:2)
There are many services and protocols on the Internet that have nothing to do with web browsing. Adding wildcards screws up the DNS for all services and protocols, not just http and smtp.
But that's just it.. (Score:5, Informative)
I have been hit by this problem already, where typos went unnoticed in scripts because a connection was made, and html returned.
I've had mail problems as well, where secondary MX was never tried, because of verisign's new trick.
It's handy for when you mistype.. unfortuntaely, looking up web pages is just one of many uses for the DNS.... and not at all what it was intended for.
Re:Ummm... (Score:3, Funny)
"If Hitler invaded Hell, I should at least give the Devil a favorable mention in the House of Commons."
Re:Ummm... (Score:2, Insightful)
(...can I borrow your glasses?)
-ben
ICANN (Score:3, Funny)
Princess Server (Score:5, Funny)
More like... (Score:3, Funny)
No More Crap (Score:5, Insightful)
Now we wait and see... (Score:4, Interesting)
The answer is obvious (Score:5, Funny)
SCO will pull their UNIX licenses.
Re:The answer is obvious (Score:5, Funny)
(damn, wish I had mod points...)
Re:Now we wait and see... (Score:2)
They get bought out wholesale by SCO?
Whoa! What time is it? Man, that was a scary dream.
You've come to this site by mistake. Please deposit $699 to continue. Thank you.
Re:Now we wait and see... (Score:5, Informative)
Stay tuned folks, some interesting viewing coming up regarding this.
Re:Now we wait and see... (Score:4, Insightful)
although I think the only level up from Federal would be the Supreme Court
There is a Federal Appeals Circuit between the usual federal courts and the Supremes. If Verisign is so inclined, the appeals court would probably take their complaint under consideration, but would (probably) get back within a day or so saying "no". In general, appeals courts don't like to deal with temporary things. Verisign can still use such a strategy to buy a little time, but it's really only enough for them to figure out a way to buy yet more time.
The big question is (Score:2, Interesting)
Re:The big question is (Score:3, Funny)
Oh crap! They're already worming their way into spell-check!
Re:The big question is (Score:5, Informative)
> in a position to seariously mess up the DNS system.
ICANN can always instruct the root DNS servers to point elsewhere for com. and net. instead of verisigns gTLD servers. That would effectivly remove verisign from the game totally.
At this point verisign is legally bound to hand over their database of customer info so that the new registrar can pickup where they left off, and verisign would be held accountable for all damages caused if they dont (Which would easily be in the tens of millions a day)
ICANN being the primary board, if anyone at verisign said 'no' they most likely would be held personally accountable.
Its like if the admin of a company gets put on another project and refuses to give his boss the root passwords. He will be personally held responsible. And one way or another, the problem will get fixed.
The Message (Score:5, Informative)
Via E-mail and U.S. Mail
Russell Lewis
Executive Vice President, General Manager
VeriSign Naming and Directory Services
21345 Ridgetop Circle LS2-3-2
Dulles, VA 20166-6503
Re: Deployment of SiteFinder Service
Dear Rusty:
This letter is further to the advisory posted by ICANN on 19 September 2003 regarding the changes to the operation of the
Because of numerous indications that these unannounced changes have had very significant impacts on a wide range of Internet users and applications, ICANN on 19 September 2003 asked VeriSign to voluntarily suspend these changes, and return to the previous behavior of
Based on the information currently available to us, it appears that these changes have had a substantial adverse effect on the core operation of the DNS, on the stability of the Internet, and on the relevant domains, and may have additional adverse effects in the future. These effects appear to be significant, including effects on web browsing, certain email services and applications, sequenced lookup services and a pervasive problem of incompatibility with other established protocols. In addition, the responses of various persons and entities to the changes made by VeriSign may themselves adversely affect the continued effective functioning of the Internet, the DNS and the
In addition, our review of the
Given these conclusions, please consider this a formal demand to return the operation of the
Re:The Message (Score:5, Funny)
No wonder Verisign didn't respond, September 19th is talk like a pirate day [talklikeapirate.com]. I'm pretty sure ICANN didn't send a message with 'avast ye scurvy dogs! ye shanghi'd the entire high seas and should be keel hauled like dirty traitorous bilge rats!'
Nice (Score:5, Interesting)
I'd be interested to see what those obligations were. If it is as bad as that sounds, I wonder if VeriSign could lose their Registrar priviledges as a result. This could have huge implications, and could help small(er) registrars get a leg up (finally) in the .com and .net domains. I guess only time will tell.
Re:Nice (Score:2)
Re:Nice (Score:3, Interesting)
A) Say "fine, I'm going home, and I'm taking my root servers with me"
or
B) Give ICANN the finger, and keep on doing what they're doing.
My vote is for B.
Re:Nice (Score:5, Informative)
And anyway, why did they need root servers for that stunt? They didn't wildcard ".", after all.
Re:Nice (Score:4, Informative)
Read the entire letter, not just the last sentence:
Re:Nice (Score:2)
They will bring in homeland security. We will consider anyone who messes with DNS to be an enemy as well as anyone who harbors the people responsible.
My dogs breath smells like your cat
Re:Nice (Score:3, Informative)
Probably should have RTFA then, huh? Both the .COM [icann.org] and .NET [icann.org] contracts were linked from Dr. Twomey's letter. Verisign's lawyers are probably pouring over section "Y" as you read this. ;)
Ya gotta read the article ... (Score:4, Insightful)
So, basically, if I read this right
ICANN doesn't per se have a problem with the Sitefinder service, but rather, the manner in which VeriSign implemented it?
Ugh.
So basically, they're asking VeriSign to stop until they can take a look at it, give it a green light, and rubber-stamp it
Re:Ya gotta read the article ... (Score:3, Insightful)
Re:Ya gotta read the article ... (Score:2)
but when that service comes up suddenly on places where it shouldn't(on every non existant
so, they could run the service but fuck, how they'd except anyone to visit it? umm, they would have to umm.. have like.. real services and content!
Re:Ya gotta read the article ... (Score:5, Informative)
Re:Ya gotta read the article ... (Score:2, Insightful)
So, basically, if I read this right
Sorry to disagree with you, but I read it only as promising to be open minded about new services as long as they do *not disturb* ongoing operations of *exisitng* one's. And that seems fair. That is basic backwards compatibility stuff - and yes Verisgn has totally screwed that up, and as far as I'm concerned should lose their accreditation over,
Re:Ya gotta read the article ... (Score:2)
Re:Ya gotta read the article ... (Score:5, Insightful)
You also should have finished your quote with the next paragraph:
I think that ICANN is handling this excellently. Bascially ICANN first requested that VS stop...which VS didn't. Since several weeks have passed and it has become clear as to how many things VS action has broken, ICANN is now demanding that the cease. Think of it as a temporary injunction.
ICANN is not permanently banning them from doing the wildcard, but rather demanding that they stop until everyone can get to gether and examine the real impact. After that examination, then they will make the final determination on what to do. They aren't just flat out saying what to do without listening to things.
Internet governance failures (Score:4, Insightful)
Mabye, but... (Score:5, Interesting)
What happens when ICANN fully realizes this power and makes changes to the obligated behavior of TLDs and uses their power to force change that may not be in the best interest of everyone concerned (read: ISPs and end users).
Of all the lawsuits flying around this year, this one is actually valid and should occur with extreme prejudice.
Re:Internet governance failures (Score:5, Insightful)
They are not suing. They are, in fact, leveraging their contract - their tool - and telling verisign to get it done and have it done quickly. Specifically, 36 hours. The thing about the business world is that if they didn't make sure that they were on strong grounds, if they demanded the service be taken down and then got sued, then they'd be indemnable for whatever money verisign made up that they lost on absent sitefinder service.
ICANN is doing the right thing, in fact the very thing that we're angry that VeriSign didn't do: they're checking that their actions are correct before undertaking them. ICANN has a responsibility to be proper and careful, rather than just running around swinging its arms like a bully (which some would say that it has done in the past.)
Look, you can't please everybody: if you do it fast people will say you didn't plan, and if you plan people will say you didn't do it fast enough. Don't you think it best that they do this in the way that's most difficult for VeriSign to prevent?
It's difficult to be the good guy.
And they should also have the means to simply cut Verisign out of the loop
As has been pointed out, they have implied that they will do just that in about 36 hours if their demands aren't met. As other
(Of course, nobody seems to be pointing out that there's going to be the demand for some tremendous bandwidth and heavy servers pretty on-the-spot if they choose to do that. I find myself wondering which company will attempt to step up to the bat and steal the gold ring, if VeriSign fucks this up.)
What day is it? (Score:3, Funny)
I always thought we we supposed to hate icann, but this story leaves me with such mixed emotions. Can I hate verisign and icann today?
Some one tell me how to feel please.
Wang 33
"Your breath smells like dead bunnies"
Contractual Obligations? (Score:3, Insightful)
What are these obligations, and what exactly got into VeriScam's mind that they could overlook these, and the general obligations to their customers (mainly, those on the internet, and those running servers that depend on the service in particular).
We have here a service which has, to some extend, broken how many of the tried-and-true mechanisms work. While it might be true that there are no RFC's to cover this, when something has been function for a long duration and a change, in effects, damages that functionality, I think there are greater considerations. If VeriSign doesn't rm
Draw! (Score:3, Funny)
Pass the popcorn!
T-Shirts! Get your VeriSlime T-shirts here! (Score:3, Interesting)
VeriSlime t-shirt "No Values to Trust" [cafeshops.com]
VeriSlime t-shirt "The Abuse of Trust" [cafeshops.com]
Why did Verisign think that this was legal? (Score:3, Insightful)
Re:Why did Verisign think that this was legal? (Score:2)
Penalties (Score:4, Insightful)
Could ICANN actually transfer everything to another company? How long would this take? Is anybody set up to handle this? Think of all the little registrars which exist today, would this be a huge job?
worth reading (Score:5, Insightful)
This just in, SCO acquires Verisign (Score:3, Funny)
SCO is presently awaiting ICAAN's law suit at which time it plans to file massive countersuits. Additionally, SCO has begun sending invoices to internet users for the use of thier "Patented DNS system". SCO representatives said the planed to mail the first million invoices on Monday and that the invoices were for ammounts of $699 to $699,000,000.
In other news SCO stock(SCOX) soared on the announcement of the Verisign acquisition.
Nooooooooo! (Score:2, Funny)
It's FRAUD (Score:5, Interesting)
When you say HTTP/302, you're saying the resource they're looking for exists somewhere else, in this case sitefinder.verisign.com. That is a lie. It is a gigantic, automated lie perpetrated automatically on the entire world. It's a class action suit waiting to happen.
LIARS
It's fraud.
Verisign: The next SCO (Score:5, Insightful)
Verisign received trusteeship of the COM and NET TLDs by ICANN, the government and the rest of the Internet standards bodies. They are free to promote the domains but are obligated to act in a neutral fashion and keep the DNS running. They are required to act as a neutral third-party with regard to providing a network service much in the same way it did when DNS was run as a government funded, non-profit organization (InterNIC).
ICANN's pissed and rightly so. The average Internet user has no idea how the net really works with regard to DNS. To them, www.google.com is the Internet. To the techies, we know the names are just thin veneers over the IP addresses that really control and make things happen. Until this affects the average user, only the geeks and techies of the world will care about this.
Verisign has gone and broken THE CORE PROTOCOL of what makes the Internet work! Without DNS, we would have to use and memorize IP addresses. DNS is supposed to work by returned an answer as to whether or not a name is mapped to an IP address and provide that address.
By building SiteFinder, they have waived their right as a neutral third party and are now trying to co-opt the largest domain registries in the world for their own personal profit and use. In doing so, they have also broken the software contract between DNS and its users. They've changed the interface that people expect to work a certain and broken or severely damaged the functionality of software around the world. When mail servers can't figure out if an e-mail is forged or not, it's only going to be a matter of time before the spammers clue in and increase bandwidth usage across the board until things change.
What Verisign fails to acknowledge is that registry is not theirs to do that with. It was paid for by taxpayer dollars and grants over many years from countless communities and can be considered a public utility. There cannot be preferential treatment in this. Or they can claim that the COM/NET TLDs are their intellectual property and they can do with it as they please. They want to do that? Fine, they can push for a new TLD to be added to the hierarchy for private use which they can manage. Turn over COM/NET to a neutral non-profit and let them run it as a public trust.
It's not only ICANN and VeriSign (Score:2)
It's even worse in ITU's World Summit on Information Society [itu.int]. The goverments are really fighting against each other on the governance of Internet and it's possible that it will be one of the topics, which will destroy the whole process (the funding for developing countries is still the best bet).
Register has a nice story [theregister.co.uk] about the Prepcom III, which ended up being a (almost) total distaster. (Anyway it was funny to participate and see f.ex. how the highly paid diplomats argue how spam should be spell
Revoke Not Sue (Score:4, Informative)
Re:Revoke Not Sue (Score:3, Informative)
If I Recall Correctly... (Score:4, Informative)
Whatever... (Score:2)
Personally I think ICANN and Verisign both suck. We need a distributed naming service. Or perhaps /. could create a single .slashdot root server and we could all just point our DNS servers at it (and only at it.)
Conflict of interests (Score:5, Insightful)
TLD registrars and DNS providers should be small companies, run by people who are content to do a job and make a small profit, but not have unlimited freedom/growth potential of a private company that doesn't provide any exclusive service to the public.
I hope ICANN moves in that direction right away and not even bother with separate lawsuits for various small points.
Who to root for? (Score:2)
Typical (Score:5, Funny)
Couldn't ICANN have let me stay a hero for just a few more days?
Compare to the register.com class action lawsuit. (Score:3, Insightful)
We talked about the lawsuit here [slashdot.org] and it's rather similar.
Review: Zurakov filed a class action suit against register.com because he registered a domain and, while he was building it, his domain pointed to a register.com "coming soon" page that had links to services and so on. The argument: they were using his domain to profit.
In Verisign's case, I suppose they could argue that the sites belong to no one, but haven't we seen court precedence [keytlaw.com] against this sort of thing?
The two cases have interesting parallels, IMO.
IANAL. Not FDIC Insured.
goodbye ICANN (Score:3, Funny)
I mean, you don't really think verisign will do much more than tell them to shove it, do you? What will ICANN do then? Come down on verisign with all its awesome power and might? Uh, yes, all of it. Oh, so scared.
Headline should have been: (Score:3, Funny)
They are so polite! (Score:5, Funny)
Dear Rusty,
Blah blah blah
Do it or it your ass!
Best Regards
Paul
It's like watching two Englishmen having a civilized cup of tea while trading insults.
If I were a developer for Mozilla.... (Score:3, Interesting)
Yeah yeah, I know 2 wrongs do not make a right, but it would definitely send a clear message to Verisign. They need to realize that in order for techologies to work, people need to work together. No one holds all the power; anyone can come and screw you at any given time. That's why everyone needs to play nice, because the alternative is everyone loses.
There actually is at least one useful application (Score:3, Interesting)
I have found a couple common misspellings of my domain [kilna.com] that are still available. By looking at the contents of the sessions on my site I see that the users who come in on certain misspellings actually stick around a bit. Either they ended up on my site by accident and liked it, or sitefinder actually helped me (and them) out by pointing them to the correct site. I don't currently have enough visitors from those misspellings to justify purchasing them, but Verisign has just given me a free service that is of at least some value.
I agree that it breaks DNS, and that it is an unfair use of their position (just imagine when they start removing non-Verisign registered domains from the list of suggestions!). Generating lists of domain misspellings in referer logs is certainly in Verisign's best interest, since some users will want to scoop them up.
But it's not all bad, just mostly bad.
Verisign broke archive.org (Score:5, Interesting)
Disallow: /
Verisign relents (Score:5, Informative)
Good for them. Even better for us.
It's a press release from VRSN, so naturally it is full of half-truths and lies, but the bottom line is that they are getting in line. I doubt SiteFinder or wildcards will be resurrected after this debacle.
Re:Verisign relents (Score:3, Funny)
A *hearing* would have been the final word on the matter, beyond which people could start paying fines and going to jail for contempt of court. They wouldn't let it get to that stage (courtroom), and they know it.
Funny how they spin that... "They didn't even file a suit and take us to court before they asked us to fulfull our contractural obligations. Those big dummy heads."
In other news, my mortgage company expected my check this month "withou
Re:Verisign relents (Score:5, Funny)
WTF is this bastard smoking? If I ever run into this guy on the streets, I'm going to shove a pineapple up his ass and say that there's no data to indicate that he's going to have trouble pooping.
-Lucas
Forbes "worst CEO" story, featuring Verisign (Score:3, Funny)
Re:Verisign Sucks (Score:5, Insightful)
Do you ever visit a domain with .com or .net TLD? If so then you use Verisign yourself. You're relying on the root DNS servers that they manage.
Transcription from the ultimatum (Score:5, Funny)
Re:Transcription from the ultimatum (Score:5, Funny)
Re:Transcription from the ultimatum (Score:2)
Or they'll send the dogs, or the bees, or the dogs with bees in their mouths and when they bark they shoot bees?
Smithers, release the robotic Richard Simmons.
Re:Verisign Sucks (Score:5, Insightful)
Do I use them? Yes, unfortunately I do at the moment.
Re:Verisign Sucks (Score:4, Insightful)
No, I don't have a solution. Just pointing out that this is just a symptom of a larger problem.
Re:Or else what? (Score:2)
Re: (Score:2, Insightful)
Re:verisign needs to stop (Score:3, Insightful)
Ahh, to see the world through the eyes of a child...
Re:Valid code (Score:3, Funny)
Re:ICANN? (Score:2)
WTF? (Score:3, Funny)
Re:How about .museum (Score:2, Insightful)
Re:Not sure, if that is a bad thing or not.. (Score:3, Interesting)
Either that or "Various ports closed ahead".
Re:Revoke Verisign's accredidation (Score:3, Informative)
(italics mine).