Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
The Internet Government The Courts Your Rights Online News

ICANN Study Slams Verisign 138

Dinglenuts writes "ICANN has just released what I'm sure is a completely neutral and unbiased report, condemning Verisign's Sitefinder service for running afoul of 'community standards and caus[ing] harm to individual users and enterprises.' Seeing as how ICANN is currently being sued by Verisign for making them take down Sitefinder, this opinion can be considered less than revolutionary."
This discussion has been archived. No new comments can be posted.

ICANN Study Slams Verisign

Comments Filter:
  • by xonen ( 774419 ) on Friday July 16, 2004 @03:56AM (#9714518) Journal
    It is the same as with dictators.. Any company that grows big and has influence must take very good care not to abuse it. I donnot have to give names, and some companies even believe themselves they have 'best intentions'.
    But on-topic: i think verisign should loose there license. They have proven they cannot be trusted as independent tld maintainer.
    • by blowdart ( 31458 ) on Friday July 16, 2004 @04:24AM (#9714595) Homepage

      But ICANN is not much better. They have no accountability, refuse to reform [theregister.co.uk], their meetings are basically junkets to somewhere expensive, and they try to gouge [theregister.co.uk] registrars for $15.8m for next year, double the previous years. Lets also not forget the fiasco that was the ICANN At Large [theregister.co.uk], where the directors users voted in where quickly thrown out when they tried to represent user viewpoints.

      Oh, and the too great an influence the US government has on ICANN.

      • by Anonymous Coward
        You've got to wonder why enough people haven't just bailed on these guys and switched to one of the alternate dns root [wikipedia.org] providers.

        I think Opennic [unrated.net] should play especially well here, where they eagerly advertises it's .geek and .oss TLDs on the header of their home page.

        All it'd take is a /. giving up on their ".com" and ".org" and advertising themselves as "slashdot.geek at opennic", and I bet a bunch of us would switch overnight. Enough IT guys switch, and then who cares about all those .Com[mercial] g

        • by SlamMan ( 221834 ) on Friday July 16, 2004 @06:12AM (#9714833)
          enough IT guys switch, and then who cares about all those .Com[mercial] groups anyway.

          All of my users?
          • Insightful? How about clueless.

            How would your users know or care?

            Hint: All the .com, etc domains will resolve just fine with almost all the alternate-TLD providers.

            It's just that if they enter a .geek address they'll get a website instead of a SiteFinder or an Internent Explorer Search page. Don't tell me your users actually depend on such features!

            • PKB. The little problem is that if there's not one database in charge of domain names, some loser will get modded down on /., go to a registrar that ISN'T tucows, register slashdot.com/org/net and break the entire system. Unless every user wants to start memorizing IP addresses and manually create HOSTS files, *someone* has to be in charge.
        • by ahknight ( 128958 ) * on Friday July 16, 2004 @07:12AM (#9714996)
          who cares about all those .Com[mercial] groups anyway

          Umm, it was google dot ... what, again?

          Uh huh, yeah. Get your head out of your GeekPort and come back to the real world.
        • Enough IT guys switch, and then who cares about all those .Com[mercial] groups anyway.

          The badgers do! [badgerbadgerbadger.com]
        • I realise you might be joking, but I'll bite..

          Enough IT guys switch, and then who cares about all those .Com[mercial] groups anyway.

          Ehm.. Just 99.99% of the current Internet-enabled population? To be frank, I don't think alternate DNS-providers are the solution at all. Being in an alternate DNS database might as well mean being on a different net altogether.

          No companies worth their salt goes where there is no customers. The .geek and .oss TLDs speak volumes for themselves...

        • say you wanted to, just in theory. How do you switch between the two as you surf around? Or is just automatic, or what?
        • You see my friend there is this little internal group at every company that seems to have the ear of the suits that sign the checks (well, order someone else to sign the checks). You may think that influential group is you, the IT department. After all you department alone has more years of education and intelligence among its members than all the other departments combined. You'd be wrong though. Who has the ear of the suits? Marketing. And if Marketing says no then no matter how well you know your j
      • by Anonymous Coward on Friday July 16, 2004 @05:23AM (#9714737)
        ICANN is so important there's even a site solely devoted to watching it, icannwatch.org [icannwatch.org]
        Our premise can be simply stated: The Internet is a global resource of incalculable value, and nothing is of greater importance to its future than the way in which ICANN performs its role as manager of the Domain Name System. All Internet users worldwide have a stake in these ongoing events, and our job is to serve as a central point of reference, a kind of hill overlooking the often-chaotic information landscape, from which anyone seeking a better understanding of these developments can survey the ever-changing terrain.
        • ICANN is important because there's a website watching them? There's websites for watching asian girls pee on each other too but I'd hardly call it important to the existence of the internet. (Then again, it might be the very reason for the same...)
          • ICANN is important because there's a website watching them? There's websites for watching asian girls pee on each other too but I'd hardly call it important to the existence of the internet. (Then again, it might be the very reason for the same...)

            Where are my mod points when I need them.....

            • ICANN is important because there's a website watching them? There's websites for watching asian girls pee on each other too but I'd hardly call it important to the existence of the internet. (Then again, it might be the very reason for the same...)
              Where are my mod points when I need them.....

              Where are asian girls peeing on each other when I need them?

              • ICANN is important because there's a website watching them? There's websites for watching asian girls pee on each other too but I'd hardly call it important to the existence of the internet. (Then again, it might be the very reason for the same...)

                Where are my mod points when I need them.....

                Where are asian girls peeing on each other when I need them?

                Probably in Asia. Thailand seems a good place to start, although I'd be careful cause that look on their face could because it burns when t

      • The United States started the internet. Why shouldn't we have a great influence on it? Don't get me wrong I think it should be as unregulated as possible, but it was our idea!
      • They have no accountability
        From your own source:

        ICANN gets its authority from the US Department of Commerce, and all major decisions regarding the DNS root servers must still be rubber-stamped by the DoC.
        From ICANN:

        "Over eighty governments closely advise the Board of Directors via the Governmental Advisory Committee."
        http://www.icann.org/general/

        Oh, and the too great an influence the US government has on ICANN.

        Okay, now you have to make a choice here. Do they have NO accountability or too MUCH
    • by E_elven ( 600520 ) on Friday July 16, 2004 @09:37AM (#9716012) Journal
      It's a good thing we live in a healthy capitalist environment where the market determines who succeeds -if we don't like Verisign, we just won't use it and they'll crash and burn.

      Oh. Nevermind.
  • Uh oh! (Score:5, Interesting)

    by Biotech9 ( 704202 ) on Friday July 16, 2004 @04:00AM (#9714533) Homepage
    The next meeting, which starts Monday, features a workshop aimed at bridging the gap between ICANN and the United Nations, which is becoming increasingly interested in Internet governance.

    The UN getting interested in governing the net?

    Well, it was fun while it lasted. I'm off to spend the last few weeks of internet existence with the badgers [badgerbadgerbadger.com].
    • Re:Uh oh! (Score:4, Insightful)

      by anaplasmosis ( 567440 ) on Friday July 16, 2004 @04:32AM (#9714608)
      The UN, through the ITU, assign all kinds of numbers, codes and callsigns. Did the world come to an end because the US had to paint "N" on the side of their airplanes?
    • Re:Uh oh! (Score:5, Insightful)

      by McDutchie ( 151611 ) on Friday July 16, 2004 @04:39AM (#9714627) Homepage
      Well, it was fun while it lasted. I'm off to spend the last few weeks of internet existence with the badgers [badgerbadgerbadger.com].

      Oh, come on. The Internet survived the US for decades, I doubt the UN (i.e. the good folks that brought us international telecommunications standardization) would kill it any time soon.

    • by Anonymous Coward
      Fortunately the Internet is designed to survive even the UN. The UN like ICANN forget two important facts, we could go all the way back to IP addresses and not use DNS - or much more likely start TLDs outsie the current framework. This is most likely and in fact is already being done. In reality, due to ICANN and Verisign's "muscle control" there are already alternate root servers serving up TLDs - some can be found at: http://www.fact-index.com/a/al/alternate_dns_root . html Each time ICANN and Veris
  • by ErikTheRed ( 162431 ) on Friday July 16, 2004 @04:00AM (#9714535) Homepage
    After this whole thing started I simply had my dns cache resolve verisign.com addresses through my local dns server... problem solved. In fact, I'd forgotten about the whole thing...
    • by csk_1975 ( 721546 ) on Friday July 16, 2004 @05:36AM (#9714764)
      I simply had my dns cache resolve verisign.com addresses through my local dns server... problem solved

      The way sitefinder worked was that Verisign wildcarded the whole .com and .net TLDs so that instead of getting an NXDOMAIN response when doing a query for a non existent domain you got the IP of the sitefinder website. Resolving verisign.com addresses was not the issue.

      Yes there was a way to patch BIND and many other DNS servers so that the wildcarding didn't work and the proper NXDOMAIN reply was given for non existent domains - but simply redirecting requests for verisign.com addresses to your local cache would not have helped.

      The sitefinder service personally bit me when I wasted hours tracking down a fault after I mistyped a domain name into a system which was using port 20000. Instead of getting NXDOMAIN and a simple to fix problem I was getting connection refused - it was not until I put a packet sniffer on the link (after hours of stuffing around) that I noticed that traffic was going to the wrong destination - verisign's then two day old sitefinder "service". But I had no idea that the wildcarding had been done. After fixing the problem and typing in the correct domain I then tried to fix my DNS to see why it was returning this IP instead of NXDOMAIN. Further fault finding led me to discussion in some newsgroups about the wildcarding.

      Needless to say this pissed me off no end and I immediately blocked access to the sitefinder IPs at the border router and then when a patch was available for BIND I installed it on all my servers.

      Verisign needs to remember that PORT 80 IS NOT THE INTERNET.
      • by Anonymous Coward
        For most ordinary people port 80 is in fact the entire intarweb. Anything involving other ports is fraught with great danger and great pains must be taken to ensure that the hoi polloi are not aware of the existence of ports other than 80.

        Even knowledge of the existence of port 80, IP addresses, domains, RFCs, etc., etc. (in short anything a geek understands and knows like the palm of his hand) must be utterly and completely denied them for their own safety and for the preservation of geekdom.

        Anything sh
  • Still amazed... (Score:5, Insightful)

    by halo1982 ( 679554 ) * on Friday July 16, 2004 @04:06AM (#9714557) Homepage Journal
    I'm still amazed by all of this, its really mind boggling. This is no better than those squatter sites (amazing search! etc) and they have complete control over the content and are trying to force everyone to see it. Its sad what some companies are trying to do for money.
    • Re:Still amazed... (Score:5, Insightful)

      by antic ( 29198 ) on Friday July 16, 2004 @04:22AM (#9714594)

      Revoke their license and give it to a company who restricts their commercial endeavours to what is considered *reasonable*.

      Too much power to a company or individual without the best interests of the masses at heart is not a great thing and something should be done about it.

      Google has, and continues to do so, proven that doing the right thing can bring commercial reward and brand loyalty.

      • Re:Still amazed... (Score:5, Interesting)

        by SillyNickName4me ( 760022 ) <dotslash@bartsplace.net> on Friday July 16, 2004 @06:47AM (#9714907) Homepage
        > Google has, and continues to do so, proven that doing the right thing can bring commercial reward and brand loyalty.

        You nor I know what Google is really upto.
        I'm not using their gmail service, and not using Orkut for a number of reasons, all of which come down to me not liking it when a company, regardless of which company, gets interested too much in my social activities and contacts.

        Are they evil with it? I don't think so, but the issue is also that they don't have to be evil for it to go wrong anyway.

        The simple problem is that in the end, they are bound to have too many conflicting activities, and will screw up without any intention of doing so.

        Oh, and I do use their search and advertisement services, don't get me wrogn here, so far they have definitely shown to be a decent company, and its not like they don't deserve my business or such, but a s a matter of principe I do not want companies to try stick their noses into my private life too much, the risks of it going wrong are too big even when all involved do have the best intentions... What happens when the company gets bought out or merges with another one? or goes bankrupt? or what if there is some employee there who decides he wants to make a point???
        Way too much can go wrong, and the more power you collect in one place, the bigger the chance that it will go wrong in a horrible way...

        Fine, but without my data.
        • Re:Still amazed... (Score:4, Insightful)

          by antic ( 29198 ) on Friday July 16, 2004 @07:18AM (#9715024)

          True. Anyone using a webmail service is putting a lot of trust in a company not holding personal missives for private gain. But what's to say that any mailserver out of your hands isn't logging full copies of everything you send?

          Which is the better path?

          1. Spread a tenth of your data between each of ten commercial providers, each with x% chance of abusing it.

          2. Put all of your information with a single operator with that same chance.

          I mean, if you're doing seriously dodgy stuff, then something like Echelon is going to bust you anyway.

          I search with Google, appreciate the traffic it brings my sites, and use their AdSense program. From my experiences with them and other companies, I would trust Google before a lot of others. And that was, ultimately, my point -- doing the right thing (at least in the sense that perception is reality) brings reward. It might not give you 90% market share the week you start the business, or rain angel VC cash upon you, and it won't grab those lovely users who'll use and abuse whatever is the latest craze, but it will (with time) bring you loyalty and long-term users. And those people are priceless -- they'll market your business for you.

          • I definitely agree with your impression regardign trusting Google over many other companies involved in the same business.. yet them being both into social networking, searches and advertising, oh, and add webmail tot hat now, makes for a too powerfull combi to my taste, hence I'll be selective with using them... Searches and adsense are pretty cool tho and can be shown to work in the advantage of everyone :)
          • If you want security your best bet is to use encrypted mail retrived via pop or imap or UUCP or whatever method you like, just as long as you don't read it on anyone else's systems. Oh yeah, and, use the least complicated system you possibly can to arrange that - I might consider a 2.4 kernel linux system and mozilla thunderbird with basically no services running if I were being paranoid. (I don't use encrypted mail, because I don't discuss anything I feel a need to keep secret in my email.)
          • So
            • Run a mailserver locally
            • Use SSL IMAP or ssh + console client (like mutt, which has excellent support for GnuPG
            • Use GPG even for casual mail

            Basically at that point, no one can read your mail, and if you set it up properly, is available anywhere where there's internet access. It's most of the benefits of webmail without losing any control. Echelon may be able to read the headers, but not the content. Of course, this means you are required to put in a not-insignificant effort in getting it to work

            • And add a webserver with ssl and a webmail program (openwebmail, sqwebmail or such) and you can have your webmail as well.

              Webmail has quite some advantages, tho you must be able to trust the machine you are browsing from (but hey, thats still true when using a character based method, if your client is compromised, you are in trouble)

              At any rate, I don't care that much about individual mail being read.

              What I care about in case of Google would be that personal mails generate hits on their advertisements. T
        • I've found the best thing to use gmail for is not personal email, but signing up to mailing lists. True google then knows what lists your on, and a sample of your interests, but the searching features alone make it worth the possible tradeoff.

          Google Ads also comes into play alot better here. When someone on a list is talking about a product or program, there are targeted ads for said product or program right there if im interested.

          Something to think about atleast...

          • > Something to think about atleast...

            Definitely, and I don't have a problem with gmail itself, it is more like I am not going to use google for everything that relates to my onlien activities.

            Do I use a local ISP for most of them? yeah, but in that case I also have a local court to goto when it goes terribly wrong.

            Besides.. I run my own servers for a reason, no ISP except for the sending one will be storing mail for me, it will be transfered through their network tho, but to that other laws apply.
        • Hmmm, well, if the company gets bought or divvied up then you are out of luck if you accepted one of those horrible "we can change the deal at any time in any way for any reason or none whatsoever" clauses. I'd like to see such overbroad provisions declared unenforceable.

          The rogue employee case is pretty simple: 100 million angry customers sue him into oblivion.
          • > Hmmm, well, if the company gets bought or divvied up then you are out of luck if you accepted one of those horrible "we can change the deal at any time in any way for any reason or none whatsoever" clauses. I'd like to see such overbroad provisions declared unenforceable.

            I agree, that would be a nice thing.

            However, what I was talking about isn't so much about what is in the terms and conditions but about the intentions of those in charge of the company.
            • Ahhh, but if you have a contract with the old company, that company's obligations under said contract are part of what the new company bought and they must honor them or face action for breach of contract. Under the usual T&C though the new company is free to change the deal and do whatever they want with your information.

              That's the real problem with a buyout -- you may trust the current owners, but you agreed to trust them *and anyone the company or any portion of its assets is ever sold to*. (This
              • That's the real problem with a buyout -- you may trust the current owners, but you agreed to trust them *and anyone the company or any portion of its assets is ever sold to*.

                It's funny, but I feel exactly the same way about expanding government powers in the PATRIOT mold.

                Well, not that I exactly trust the current government, but I'm just drawing the parallel, eh?
      • Revoke their license and give it to a company who restricts their commercial endeavours to what is considered *reasonable*.

        Or better yet, don't give it to a commercial company at all. It should be a public utility.


    • The site finder stuff was significantly different than squatter sites:
      1. The spell checker seemed to do the right thing and made reasonable suggestion for what you might have meant. The squatter services are usually just the advertisements without the useful "did you mean" feature
      2. You have the option of buying any domain on site finder as opposed to the squatters who have already bought the domains and won't sell them to you for a reasonable price.

      As a webmaster, I actually liked site finder because i

  • by karl.auerbach ( 157250 ) on Friday July 16, 2004 @04:12AM (#9714570) Homepage
    ICANN's SSAC came up with the right answer with respect to Verisign's "Sitefinder" but they did so using a method that contains the seeds of an even greater danger to the net: unprincipled and subjective condemnation of change on the net.

    See my note on this at http://www.cavebear.com/cbblog-archives/000108.htm l [cavebear.com]
    • ". . . a method that contains the seeds of an even greater danger to the net: unprincipled and subjective condemnation of change on the net."

      Unless we're talking about two different things, that's been around in bulk for a long time.

    • by arcade ( 16638 ) on Friday July 16, 2004 @04:57AM (#9714670) Homepage
      ICANN's SSAC came up with the right answer with respect to Verisign's "Sitefinder" but they did so using a method that contains the seeds of an even greater danger to the net: unprincipled and subjective condemnation of change on the net.

      While I certainly think it is good that people are sceptical to ICANN, I think this issue is the wrong time to voice those concerns. As you yourself state in your blog - "Sitefinder is so bad that the fact that ICANN is using vigilante methods to combat Sitefinder might be overlooked in our emotional reactions to the situation."

      Sitefinder was incredibly bad. I had scripts failing all over the place due to not being able to rely on DNS providing proper "host not found" answers any more. I'm sure I was not the only one.

      While I agree that the report could've been better - the important thing in this case is to support ICANN. The enemy of my enemy is my friend - at least temporarily - and at least about this issue.

      There is a proper time and place for criticism. This is not the proper time to criticise ICANN, in my opinion.
      • by SillyNickName4me ( 760022 ) <dotslash@bartsplace.net> on Friday July 16, 2004 @06:56AM (#9714940) Homepage
        > The enemy of my enemy is my friend - at least temporarily - and at least about this issue.

        Ah yes... that is the exact strategy that got us all kinds of nice things... like... we did get the Russians out of Afghanistan with help of our 'friends' there... too bad those same friends decided later it was a good idea to fly planes into buildings..

        Sorry to pull in that bit of not so nice world history, but this way of reasoning is so amazingly short sighted and stupid, how much more proof of that do you need really??

        Before you ever consider anyone a friend, look first what motive they have for being friendly to you right now..

        You can have a temporary alliance with what is normally your enemy in order to fight a bigger, common enemy... but never ever regard such an alliance as 'friends', it is a big and often repeated historical mistake that time and again proves itself to be a really really serious mistake.

        In other words... ICAN is on the same side as many of us are in this issue, well, good, but it won't change in any way what I think about them, the only way to change that is by actually addressing their internal problems.
        • Indeed, people who treat you nicely for business reasons are not friends. The enemy of my enemy will turn around and bite me at the moment changes in his situation makes that profitable.

          Business is not a social setting; it is combat without the knives. Watch your back.
    • by BigRedFish ( 676427 ) on Friday July 16, 2004 @05:09AM (#9714706)

      unprincipled and subjective condemnation of change on the net.

      Huh? There's nothing subjective about the fact that looking up a non-existent domain name is supposed to return an Unknown Host error. I can think of plenty of applications that might rely on such a result code, spam-filtering being but one obvious example. Specs are specs.

      ICANN didn't say that the specs are written permanently in stone - only that if one wants to change a spec, there are procedures that must be followed: public proposal, followed by peer review and discussion of the consequences being the big points. If the change is approved, then reasonable lead time needs to be given following final adoption of the new spec, so sysadmins have time to review their systems and update any affected code in preparation for the change.

      Verisign did none of the above. They unilaterally and capriciously changed an important result code worldwide, with practically no notice given, and gave it no review whatsoever - not even internally. How else to explain doing it with email, which could easily have blown their own mail server off the net from the sheer volume of forged-header spam bouncing off non-existent recipient addresses? No tech ever really thought this one through (or if they did, they were ignored by BizDev/Marketing, which seems to me most likely).

      Maybe ICANN is unprincipled, maybe not. But Verisign is unprincipled. Just because Peter's a jerk doesn't mean Paul's a saint. They might both be jerks. It's not a zero-sum game.

      Lots of people have problems with ICANN, but that's a separate issue, unrelated to the fact that Verisign has proven itself unworthy of its station. Given that this lawsuit even exists, it proves that they (Verisign) haven't learned anything from all this, and shouldn't be allowed anywhere near top-level DNS servers.

    • Indeed; let's just take a look on .tv [guesswhat.tv]: It always worked this way.. Why does noone complain that it messes up the .tv domain? Yes, because it was always messed up ;)
  • by Quirk ( 36086 ) on Friday July 16, 2004 @04:19AM (#9714583) Homepage Journal
    From the article: ""Different people and different organizations have divergent views on what constitutes the common good, on what constitutes acceptable and desirable goals, and what are legitimate and ethical constraints," Auerbach wrote..."

    It's interesting to watch the dynamic that is the evolution of the administration of the net. ICANN is seen by much of the world as to American centric and requiring, possibly a UN governing body to replace it or some other world centric governing body. Perhaps the growing pains of the European Union could offer some lessons as to how to best govern the net. It must irk many nations and organizations to see the administration and future plans for the net played out in American courts.

    Tim Berners-Lee [w3.org] saw the founding of the web as a world wide endeavour surely a body as important as ICANN should be under the ageis of the UN?
  • *cough* (Score:1, Funny)

    If this isn't the pot calling the kettle black. Verisign does it for money. ICANN just does it for the sheer pleasure of wielding power and being assholes.

    I knew Jeremy Porter when he was on ICANN, and that man is a total prick.

  • House of Mirrors (Score:2, Insightful)

    I've often thought how accurately humanity is reflected on the net sometimes, like a mirror. Including the good, the bad, and the ugly. It looks like human nature is spilling over into the governance of the net itself - so much for neutrality!

    On a somewhat related note, I'm wondering if it even makes sense to waste energy bashing governments and corporations anymore. Sure, a corporation is a fictitious person, but that sure looks like real signatures on the contracts and international treaties.

  • by JosKarith ( 757063 ) on Friday July 16, 2004 @04:39AM (#9714625)
    ICANN and Verisign are behaving in the same way as a pair of spoilt toddlers. What the world needs is for their teacher to come along and give the pair of them a slap
  • by mrchaotica ( 681592 ) on Friday July 16, 2004 @04:39AM (#9714626)
    What really needs to happen is that domain registration and management needs to be handled by a non-profit organization, so they don't have as much of an incentive to screw with stuff. I'm not convinced that registrars like Verisign should even be allowed to exist.
    • by timftbf ( 48204 ) on Friday July 16, 2004 @04:59AM (#9714673)
      Be careful with the registry / registrar distinction.

      I'm all in favour of lots of for profit, for free, for the common good, for great justic registrars, as long as they meet some basic technical standards for interfacing with the registry and generally not breaking stuff.

      The registry, on the other hand, should be run by a non-profit that understands the Internet and can run it for the common good.

      Regards,
      Tim.
      • Well, I'm not a big fan of the capitalistic nature of registrars either -- I don't have to pay extra for a postal address or a phone number (they come free with buying a home and buying phone service, respectively), so why should I pay separately for a domain name, especially one that nobody else wants, like my name?
  • by Mr_Silver ( 213637 ) on Friday July 16, 2004 @04:55AM (#9714658)
    VeriSign has defended Site Finder by saying it offers a better way to handle nonexistent or misspelled domain names than the unhelpful error messages that some Web browsers currently provide.

    The advantage of having the browser deal with it is that I can turn it on or off (or even customise it) and that it doesn't affect anyone else. The higher up the chain you make the changes, the more people and things you affect.

    Talking of error messages, Verisign does have a point when it comes to Firefox. I find their error messages really rather poor (that is, the ones that the browser shows once you've dug out the option from the bowels which really, IMO, should be on by default).

    If I submitted better formatted and more informative descriptions for them do you think they'd even consider it? Or is it handled a different way?

    • Like MSIE's "search from the address bar" misfeature (and its default settings)? I'd rather have an error message.
    • by Scarblac ( 122480 ) <slashdot@gerlich.nl> on Friday July 16, 2004 @05:39AM (#9714770) Homepage

      VeriSign has defended Site Finder by saying it offers a better way to handle nonexistent or misspelled domain names than the unhelpful error messages that some Web browsers currently provide.

      Apparently VeriSign believes that DNS is only used for Web traffic, and/or that the Internet is only the Web.

      That's why it's no use talking about advantages of disadvantages of their method - their method just makes no sense. DNS (their thing) works on an entirely different level than the Web, they can't know whether a request has anything to do with anyone's web browser at all. They show a page to people using web browsers and break everything else, that's just stupid.

    • VeriSign has defended Site Finder by saying it offers a better way to handle nonexistent or misspelled domain names than the unhelpful error messages that some Web browsers currently provide.

      The advantage of having the browser deal with it is that I can turn it on or off (or even customise it) and that it doesn't affect anyone else. The higher up the chain you make the changes, the more people and things you affect.

      More to the point, fixing problems with browsers is NOT THEIR JOB. It is the jobs of

  • by Anonymous Coward on Friday July 16, 2004 @04:59AM (#9714674)
    I hate Sitefinder as much as the rest of you, but you can bet your asses that it will be reintroduced. It's a moneymaking machine, and I'm sure Verisign won't let all the work behind Sitefinder down the drain.

    It's a pity, but it's exactly what PHB's wants.
    • by gclef ( 96311 ) on Friday July 16, 2004 @06:04AM (#9714816)
      While you're probably right, what ICANN's trying to prevent is the arms race that reintroducing Sitefinder (specifically the DNS wildcard) will cause.

      If the wildcard comes back, you can count on ISPs and software companies building their own overrides for the service (some to prevent it from happening, some to point their users to their service instead). Then, of course, Verisign will modify their system to compensate, etc, etc. That arms race will almost certainly affect the stability of the system, so ICANN's trying to keep it from starting. If that takes getting a court-ordered shutdown, I think they're prepared to take that route.
  • ICANN is a mess. Verisign is doing things that are wrong. I guess I side with Microsoft... Oh crap. Um...
  • Report Conclusions (Score:5, Insightful)

    by ljavelin ( 41345 ) on Friday July 16, 2004 @06:47AM (#9714906)
    I actually read the report, and I have to say that it is pretty sound.

    Although ICANN totally sucks as an organization, the committee certainly did a good job with this report. How the original poster could suggest that it is a strongly biased "propaganda" report is beyond me.

    Will Verisign try to find issue with the report? I'm sure. After all, isn't it in the financial and legal interest of Verisign to counter its critics?

    Not surprisingly, no one has yet to post counter-claims to the issues and assumptions made in the report.

    It is a report, and it may make assumptions, but it certainly isn't a whitewash.
    • > Will Verisign try to find issue with the report?

      I would guess so. They're suing ICANN for, get this, antitrust.

      I kind of hope they win and ICANN gets broken up in some way. Where does Verisign's authority stem from again? Oh yeah.

      This is biting, chewing, and swallowing the hand that feeds you, then demanding the other one. (I think I just mangled a few metaphors there)

  • by Anonymous Coward
    I don't like defending Verisign, but something IS wrong here. Why is it that they get slammed for running sitefinder when many other TLDs such as .museum and the infamous .cx run similar services and without any complaint from the community? If we're going to oppose this sort of thing, we must be consistent about it instead of just singling out one offender and letting the rest alone.
  • by bathmann ( 797470 ) on Friday July 16, 2004 @07:10AM (#9714989)
    It's the Security and Stability Advisory Committee of Icann which issued the report not the Board of Icann! This committee is literally filled with top-notch DNS experts (see here: Members of the Committee [icann.org]) and I don't think they give a rat's ass about Icann's issues with VeriSign. Btw, 2 VS employees are also members of the SSAC...

    Now keep on flaming!
  • by Performer Guy ( 69820 ) on Friday July 16, 2004 @07:30AM (#9715070)
    How about a bit of ballance, remember that ICANN is *supposed* to police this stuff, and Verisign's actions were just unbelievably bad. Verisign are suing ICANN for finally doing its job, even if you don't like ICANN you can't support Verisign in this.
    • No argument there, I thought Sitefinder was one of the stupidest, greediest, egregious instances of overstepping one's authority, ever. I just wanted to communicate my complete lack of surprise that ICANN would publish a negative report about Verisign, seeing as how they're at eachother's throats.
  • Gee, a study (Score:4, Insightful)

    by Craig Ringer ( 302899 ) on Friday July 16, 2004 @07:38AM (#9715099) Homepage Journal
    Perhaps ICANN are simply doing what so many other companies love to do, but cutting out the middleman?

    [No, I'm not serious. The "studies" others quote are usually independent in a sense, just carefully selected in topic and configuration to be likely to be faviourable, then only published if they're faviourable.]

    On another note, SiteFinder was pretty awful. As someone who rejected spam from invalid domains, I felt the pain when SiteFinder went live within minutes. Oh, the spam! It also considerably increased our mail server load for another reason - it tried to deliver bounces to invalid domains instead of freezing them or never generating them.

    If VeriSign try to bring that back, I'm finding another Internet :-P
  • Just because ICANN is a power-grabbing organization with very little connection to the Internet community doesn't mean this report is off-base. Operators genuinely dislike Sitefinder for a number of both technical and political reasons. Sitefinder is bad, stop pretending like it isn't.
  • Let's not forget (Score:2, Interesting)

    by DSP_Geek ( 532090 )
    People who used Verisign's Web-based domain name search got their domains hijacked more often than not. It happened to my stepbrother, along with a number of other people I know. The sleazeballs didn't even *try* to make it look legitimate: from lookup to hijack took around a dozen hours.

    As my friend in the Army said: "Once is happenstance, twice is coincidence, three times is enemy action".

    Veritas delenda est.
  • washingtonpost.com first reported on the ICANN Site Finder report last Friday (July 9). Read the story here [washingtonpost.com].
  • This whole incident shows that we need more diversity in DNS servers. We don't need the U.N., we don't need ICANN. We need the market. There is nothing to stop any private organization from running its own DNS systems. Competition should help solve the outrageous prices from ICANN. Because of the single organization choke point nature of the present DNS system, it attracts governmental attention as a potential censorship tool. That is why the U.N. is sniffing around. We need so many diverse DNS organization

A committee takes root and grows, it flowers, wilts and dies, scattering the seed from which other committees will bloom. -- Parkinson

Working...