ICANN Study Slams Verisign 138
Dinglenuts writes "ICANN has just released what I'm sure is a completely neutral and unbiased report, condemning Verisign's Sitefinder service for running afoul of 'community standards and caus[ing] harm to individual users and enterprises.' Seeing as how ICANN is currently being sued by Verisign for making them take down Sitefinder, this opinion can be considered less than revolutionary."
The dangers of money and power (Score:5, Interesting)
But on-topic: i think verisign should loose there license. They have proven they cannot be trusted as independent tld maintainer.
Re:The dangers of money and power (Score:5, Insightful)
But ICANN is not much better. They have no accountability, refuse to reform [theregister.co.uk], their meetings are basically junkets to somewhere expensive, and they try to gouge [theregister.co.uk] registrars for $15.8m for next year, double the previous years. Lets also not forget the fiasco that was the ICANN At Large [theregister.co.uk], where the directors users voted in where quickly thrown out when they tried to represent user viewpoints.
Oh, and the too great an influence the US government has on ICANN.
Re:The dangers of money and power (Score:3, Insightful)
I think Opennic [unrated.net] should play especially well here, where they eagerly advertises it's .geek and .oss TLDs on the header of their home page.
All it'd take is a /. giving up on their ".com" and ".org" and advertising themselves as "slashdot.geek at opennic", and I bet a bunch of us would switch overnight. Enough IT guys switch, and then who cares about all those .Com[mercial] g
Re:The dangers of money and power (Score:5, Insightful)
All of my users?
mods on crack? (Score:2)
How would your users know or care?
Hint: All the .com, etc domains will resolve just fine with almost all the alternate-TLD providers.
It's just that if they enter a .geek address they'll get a website instead of a SiteFinder or an Internent Explorer Search page.
Don't tell me your users actually depend on such features!
Re:mods on crack? (Score:2)
Re:The dangers of money and power (Score:4, Insightful)
Umm, it was google dot
Uh huh, yeah. Get your head out of your GeekPort and come back to the real world.
It was google dot... (Score:3, Funny)
Re:The dangers of money and power (Score:1, Funny)
Enough IT guys switch, and then who cares about all those .Com[mercial] groups anyway.
The badgers do! [badgerbadgerbadger.com]Re:The dangers of money and power (Score:2)
Ehm.. Just 99.99% of the current Internet-enabled population? To be frank, I don't think alternate DNS-providers are the solution at all. Being in an alternate DNS database might as well mean being on a different net altogether.
No companies worth their salt goes where there is no customers. The .geek and .oss TLDs speak volumes for themselves...
Re:The dangers of money and power (Score:1)
Re:The dangers of money and power (Score:2)
Wouldn't work (Score:2)
Re:The dangers of money and power (Score:5, Informative)
Re:The dangers of money and power (Score:4, Funny)
Re:The dangers of money and power (Score:2)
Where are my mod points when I need them.....
Re:The dangers of money and power (Score:1, Offtopic)
Where are asian girls peeing on each other when I need them?
Re:The dangers of money and power (Score:1, Offtopic)
Where are my mod points when I need them.....
Where are asian girls peeing on each other when I need them?
Probably in Asia. Thailand seems a good place to start, although I'd be careful cause that look on their face could because it burns when t
Re:The dangers of money and power (Score:1)
Re:The dangers of money and power (Score:2)
From your own source:
ICANN gets its authority from the US Department of Commerce, and all major decisions regarding the DNS root servers must still be rubber-stamped by the DoC.
From ICANN:
"Over eighty governments closely advise the Board of Directors via the Governmental Advisory Committee."
http://www.icann.org/general/
Oh, and the too great an influence the US government has on ICANN.
Okay, now you have to make a choice here. Do they have NO accountability or too MUCH
Re:The dangers of money and power (Score:4, Insightful)
Oh. Nevermind.
Uh oh! (Score:5, Interesting)
The UN getting interested in governing the net?
Well, it was fun while it lasted. I'm off to spend the last few weeks of internet existence with the badgers [badgerbadgerbadger.com].
Re:Uh oh! (Score:4, Insightful)
Re:Uh oh! (Score:5, Insightful)
Oh, come on. The Internet survived the US for decades, I doubt the UN (i.e. the good folks that brought us international telecommunications standardization) would kill it any time soon.
Re:Uh oh! (Score:2, Insightful)
Re:Uh oh! (Score:1)
Er the UN did what? (Score:2)
The UN did what? You may wish to give much credit to ETSI [etsi.org], which has nothing to do with the UN. Except that the US bypassed it unilaterally hence being practically the only country in the world that has mobiles not conforming to the GSM standard (and we've seen enough slashdot posts confirming what a bad move that was).
Ph
Re:Er the UN did what? (Score:5, Insightful)
Re:Uh oh! Alternat Root Servers and UN (Score:1, Informative)
They're still trying to d this? (Score:5, Informative)
Re:They're still trying to d this? (Score:5, Interesting)
The way sitefinder worked was that Verisign wildcarded the whole
Yes there was a way to patch BIND and many other DNS servers so that the wildcarding didn't work and the proper NXDOMAIN reply was given for non existent domains - but simply redirecting requests for verisign.com addresses to your local cache would not have helped.
The sitefinder service personally bit me when I wasted hours tracking down a fault after I mistyped a domain name into a system which was using port 20000. Instead of getting NXDOMAIN and a simple to fix problem I was getting connection refused - it was not until I put a packet sniffer on the link (after hours of stuffing around) that I noticed that traffic was going to the wrong destination - verisign's then two day old sitefinder "service". But I had no idea that the wildcarding had been done. After fixing the problem and typing in the correct domain I then tried to fix my DNS to see why it was returning this IP instead of NXDOMAIN. Further fault finding led me to discussion in some newsgroups about the wildcarding.
Needless to say this pissed me off no end and I immediately blocked access to the sitefinder IPs at the border router and then when a patch was available for BIND I installed it on all my servers.
Verisign needs to remember that PORT 80 IS NOT THE INTERNET.
Re:They're still trying to d this? (Score:1, Funny)
Even knowledge of the existence of port 80, IP addresses, domains, RFCs, etc., etc. (in short anything a geek understands and knows like the palm of his hand) must be utterly and completely denied them for their own safety and for the preservation of geekdom.
Anything sh
Still amazed... (Score:5, Insightful)
Re:Still amazed... (Score:5, Insightful)
Revoke their license and give it to a company who restricts their commercial endeavours to what is considered *reasonable*.
Too much power to a company or individual without the best interests of the masses at heart is not a great thing and something should be done about it.
Google has, and continues to do so, proven that doing the right thing can bring commercial reward and brand loyalty.
Re:Still amazed... (Score:5, Interesting)
You nor I know what Google is really upto.
I'm not using their gmail service, and not using Orkut for a number of reasons, all of which come down to me not liking it when a company, regardless of which company, gets interested too much in my social activities and contacts.
Are they evil with it? I don't think so, but the issue is also that they don't have to be evil for it to go wrong anyway.
The simple problem is that in the end, they are bound to have too many conflicting activities, and will screw up without any intention of doing so.
Oh, and I do use their search and advertisement services, don't get me wrogn here, so far they have definitely shown to be a decent company, and its not like they don't deserve my business or such, but a s a matter of principe I do not want companies to try stick their noses into my private life too much, the risks of it going wrong are too big even when all involved do have the best intentions... What happens when the company gets bought out or merges with another one? or goes bankrupt? or what if there is some employee there who decides he wants to make a point???
Way too much can go wrong, and the more power you collect in one place, the bigger the chance that it will go wrong in a horrible way...
Fine, but without my data.
Re:Still amazed... (Score:4, Insightful)
True. Anyone using a webmail service is putting a lot of trust in a company not holding personal missives for private gain. But what's to say that any mailserver out of your hands isn't logging full copies of everything you send?
Which is the better path?
1. Spread a tenth of your data between each of ten commercial providers, each with x% chance of abusing it.
2. Put all of your information with a single operator with that same chance.
I mean, if you're doing seriously dodgy stuff, then something like Echelon is going to bust you anyway.
I search with Google, appreciate the traffic it brings my sites, and use their AdSense program. From my experiences with them and other companies, I would trust Google before a lot of others. And that was, ultimately, my point -- doing the right thing (at least in the sense that perception is reality) brings reward. It might not give you 90% market share the week you start the business, or rain angel VC cash upon you, and it won't grab those lovely users who'll use and abuse whatever is the latest craze, but it will (with time) bring you loyalty and long-term users. And those people are priceless -- they'll market your business for you.
Re:Still amazed... (Score:2)
Re:Still amazed... (Score:2)
Does using small children to make your hat work better than tin foil?
Re:Still amazed... (Score:2)
Re:Still amazed... (Score:2)
Basically at that point, no one can read your mail, and if you set it up properly, is available anywhere where there's internet access. It's most of the benefits of webmail without losing any control. Echelon may be able to read the headers, but not the content. Of course, this means you are required to put in a not-insignificant effort in getting it to work
Re:Still amazed... (Score:2)
Webmail has quite some advantages, tho you must be able to trust the machine you are browsing from (but hey, thats still true when using a character based method, if your client is compromised, you are in trouble)
At any rate, I don't care that much about individual mail being read.
What I care about in case of Google would be that personal mails generate hits on their advertisements. T
Re:Still amazed... (Score:2)
Google Ads also comes into play alot better here. When someone on a list is talking about a product or program, there are targeted ads for said product or program right there if im interested.
Something to think about atleast...
Re:Still amazed... (Score:2)
Definitely, and I don't have a problem with gmail itself, it is more like I am not going to use google for everything that relates to my onlien activities.
Do I use a local ISP for most of them? yeah, but in that case I also have a local court to goto when it goes terribly wrong.
Besides.. I run my own servers for a reason, no ISP except for the sending one will be storing mail for me, it will be transfered through their network tho, but to that other laws apply.
Re:Still amazed... (Score:2)
The rogue employee case is pretty simple: 100 million angry customers sue him into oblivion.
Re:Still amazed... (Score:2)
I agree, that would be a nice thing.
However, what I was talking about isn't so much about what is in the terms and conditions but about the intentions of those in charge of the company.
Re:Still amazed... (Score:2)
That's the real problem with a buyout -- you may trust the current owners, but you agreed to trust them *and anyone the company or any portion of its assets is ever sold to*. (This
Re:Still amazed... (Score:2)
It's funny, but I feel exactly the same way about expanding government powers in the PATRIOT mold.
Well, not that I exactly trust the current government, but I'm just drawing the parallel, eh?
Re:Still amazed... (Score:2)
Revoke their license and give it to a company who restricts their commercial endeavours to what is considered *reasonable*.
Or better yet, don't give it to a commercial company at all. It should be a public utility.
Re:Still amazed... (Score:2)
See the "OMG the UN is getting interested" thread.
Re:Still amazed... (Score:2)
The site finder stuff was significantly different than squatter sites:
As a webmaster, I actually liked site finder because i
Right answer, wrong approach (Score:5, Interesting)
See my note on this at http://www.cavebear.com/cbblog-archives/000108.ht
Re:Right answer, wrong approach (Score:2, Insightful)
Unless we're talking about two different things, that's been around in bulk for a long time.
Re:Right answer, wrong approach (Score:5, Insightful)
While I certainly think it is good that people are sceptical to ICANN, I think this issue is the wrong time to voice those concerns. As you yourself state in your blog - "Sitefinder is so bad that the fact that ICANN is using vigilante methods to combat Sitefinder might be overlooked in our emotional reactions to the situation."
Sitefinder was incredibly bad. I had scripts failing all over the place due to not being able to rely on DNS providing proper "host not found" answers any more. I'm sure I was not the only one.
While I agree that the report could've been better - the important thing in this case is to support ICANN. The enemy of my enemy is my friend - at least temporarily - and at least about this issue.
There is a proper time and place for criticism. This is not the proper time to criticise ICANN, in my opinion.
Re:Right answer, wrong approach (Score:4, Insightful)
Ah yes... that is the exact strategy that got us all kinds of nice things... like... we did get the Russians out of Afghanistan with help of our 'friends' there... too bad those same friends decided later it was a good idea to fly planes into buildings..
Sorry to pull in that bit of not so nice world history, but this way of reasoning is so amazingly short sighted and stupid, how much more proof of that do you need really??
Before you ever consider anyone a friend, look first what motive they have for being friendly to you right now..
You can have a temporary alliance with what is normally your enemy in order to fight a bigger, common enemy... but never ever regard such an alliance as 'friends', it is a big and often repeated historical mistake that time and again proves itself to be a really really serious mistake.
In other words... ICAN is on the same side as many of us are in this issue, well, good, but it won't change in any way what I think about them, the only way to change that is by actually addressing their internal problems.
Re:Right answer, wrong approach (Score:2)
Business is not a social setting; it is combat without the knives. Watch your back.
Re:Right answer, wrong approach (Score:5, Insightful)
unprincipled and subjective condemnation of change on the net.
Huh? There's nothing subjective about the fact that looking up a non-existent domain name is supposed to return an Unknown Host error. I can think of plenty of applications that might rely on such a result code, spam-filtering being but one obvious example. Specs are specs.
ICANN didn't say that the specs are written permanently in stone - only that if one wants to change a spec, there are procedures that must be followed: public proposal, followed by peer review and discussion of the consequences being the big points. If the change is approved, then reasonable lead time needs to be given following final adoption of the new spec, so sysadmins have time to review their systems and update any affected code in preparation for the change.
Verisign did none of the above. They unilaterally and capriciously changed an important result code worldwide, with practically no notice given, and gave it no review whatsoever - not even internally. How else to explain doing it with email, which could easily have blown their own mail server off the net from the sheer volume of forged-header spam bouncing off non-existent recipient addresses? No tech ever really thought this one through (or if they did, they were ignored by BizDev/Marketing, which seems to me most likely).
Maybe ICANN is unprincipled, maybe not. But Verisign is unprincipled. Just because Peter's a jerk doesn't mean Paul's a saint. They might both be jerks. It's not a zero-sum game.
Lots of people have problems with ICANN, but that's a separate issue, unrelated to the fact that Verisign has proven itself unworthy of its station. Given that this lawsuit even exists, it proves that they (Verisign) haven't learned anything from all this, and shouldn't be allowed anywhere near top-level DNS servers.
Re:Right answer, wrong approach (Score:2)
Actually, I think Peter and Paul are both saints...
Re:Right answer, wrong approach (Score:2)
And where it stops nobody knows (Score:5, Insightful)
It's interesting to watch the dynamic that is the evolution of the administration of the net. ICANN is seen by much of the world as to American centric and requiring, possibly a UN governing body to replace it or some other world centric governing body. Perhaps the growing pains of the European Union could offer some lessons as to how to best govern the net. It must irk many nations and organizations to see the administration and future plans for the net played out in American courts.
Tim Berners-Lee [w3.org] saw the founding of the web as a world wide endeavour surely a body as important as ICANN should be under the ageis of the UN?
Stupid (Score:1, Flamebait)
Stupid (Score:2)
Re:Stupid (Score:1)
If you're trying to fathom anything at least do it as yourself rather than a faceless AC.
So what, he'd understand things better if he logged in? Or he'd be able to measure the depth of a body of water with greater skill?
You failed it big time. Just accept the criticism.
(I never post as AC. Ever.)
*cough* (Score:1, Funny)
I knew Jeremy Porter when he was on ICANN, and that man is a total prick.
House of Mirrors (Score:2, Insightful)
On a somewhat related note, I'm wondering if it even makes sense to waste energy bashing governments and corporations anymore. Sure, a corporation is a fictitious person, but that sure looks like real signatures on the contracts and international treaties.
They're like squabbling children (Score:4, Funny)
Re:They're like squabbling children (Score:2)
Re:They're like squabbling children (Score:2)
Re:They're like squabbling children (Score:2, Funny)
Some things aren't meant to be for-profit. (Score:5, Interesting)
Re:Some things aren't meant to be for-profit. (Score:5, Interesting)
I'm all in favour of lots of for profit, for free, for the common good, for great justic registrars, as long as they meet some basic technical standards for interfacing with the registry and generally not breaking stuff.
The registry, on the other hand, should be run by a non-profit that understands the Internet and can run it for the common good.
Regards,
Tim.
Re:Some things aren't meant to be for-profit. (Score:3, Insightful)
Re:Some things aren't meant to be for-profit. (Score:1)
Re:Some things aren't meant to be for-profit. (Score:1)
Re:Some things aren't meant to be for-profit. (Score:1)
Better handled by the browser (Score:4, Interesting)
The advantage of having the browser deal with it is that I can turn it on or off (or even customise it) and that it doesn't affect anyone else. The higher up the chain you make the changes, the more people and things you affect.
Talking of error messages, Verisign does have a point when it comes to Firefox. I find their error messages really rather poor (that is, the ones that the browser shows once you've dug out the option from the bowels which really, IMO, should be on by default).
If I submitted better formatted and more informative descriptions for them do you think they'd even consider it? Or is it handled a different way?
Re:Better handled by the browser (Score:2)
Re:Better handled by the browser (Score:5, Insightful)
VeriSign has defended Site Finder by saying it offers a better way to handle nonexistent or misspelled domain names than the unhelpful error messages that some Web browsers currently provide.
Apparently VeriSign believes that DNS is only used for Web traffic, and/or that the Internet is only the Web.
That's why it's no use talking about advantages of disadvantages of their method - their method just makes no sense. DNS (their thing) works on an entirely different level than the Web, they can't know whether a request has anything to do with anyone's web browser at all. They show a page to people using web browsers and break everything else, that's just stupid.
Re:Better handled by the browser (Score:1)
Re:Better handled by the browser (Score:3, Insightful)
The advantage of having the browser deal with it is that I can turn it on or off (or even customise it) and that it doesn't affect anyone else. The higher up the chain you make the changes, the more people and things you affect.
More to the point, fixing problems with browsers is NOT THEIR JOB. It is the jobs of
Sitefinder WILL be reintroduced (Score:4, Insightful)
It's a pity, but it's exactly what PHB's wants.
Re:Sitefinder WILL be reintroduced (Score:5, Interesting)
If the wildcard comes back, you can count on ISPs and software companies building their own overrides for the service (some to prevent it from happening, some to point their users to their service instead). Then, of course, Verisign will modify their system to compensate, etc, etc. That arms race will almost certainly affect the stability of the system, so ICANN's trying to keep it from starting. If that takes getting a court-ordered shutdown, I think they're prepared to take that route.
Who to side with? (Score:1, Funny)
Report Conclusions (Score:5, Insightful)
Although ICANN totally sucks as an organization, the committee certainly did a good job with this report. How the original poster could suggest that it is a strongly biased "propaganda" report is beyond me.
Will Verisign try to find issue with the report? I'm sure. After all, isn't it in the financial and legal interest of Verisign to counter its critics?
Not surprisingly, no one has yet to post counter-claims to the issues and assumptions made in the report.
It is a report, and it may make assumptions, but it certainly isn't a whitewash.
Re:Report Conclusions (Score:2)
I would guess so. They're suing ICANN for, get this, antitrust.
I kind of hope they win and ICANN gets broken up in some way. Where does Verisign's authority stem from again? Oh yeah.
This is biting, chewing, and swallowing the hand that feeds you, then demanding the other one. (I think I just mangled a few metaphors there)
Why does ICANN only have a problem with Verisign (Score:1, Insightful)
Re:Why does ICANN only have a problem with Verisig (Score:1, Informative)
as for
Re:Why does ICANN only have a problem with Verisig (Score:2, Informative)
Re:Why does ICANN only have a problem with Verisig (Score:1)
cx could redirect *.cx
museum could redirect *.museum
It's the SSAC, stupid! (Score:3, Informative)
Now keep on flaming!
Not good tone in the article. (Score:4, Informative)
Re:Not good tone in the article. (Score:1)
Gee, a study (Score:4, Insightful)
[No, I'm not serious. The "studies" others quote are usually independent in a sense, just carefully selected in topic and configuration to be likely to be faviourable, then only published if they're faviourable.]
On another note, SiteFinder was pretty awful. As someone who rejected spam from invalid domains, I felt the pain when SiteFinder went live within minutes. Oh, the spam! It also considerably increased our mail server load for another reason - it tried to deliver bounces to invalid domains instead of freezing them or never generating them.
If VeriSign try to bring that back, I'm finding another Internet
Quit being silly. (Score:1)
Re:Quit being silly. (Score:1)
Let's not forget (Score:2, Interesting)
As my friend in the Army said: "Once is happenstance, twice is coincidence, three times is enemy action".
Veritas delenda est.
Post.com had this one week ago (Score:2)
more anarchy please! (Score:1)
Re:ICANN knows who's to blame... (Score:1)
Does that mean you have to pronounce it "VERY SANE" ?
Re:Dilemma (Score:1)