Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Censorship The Internet

VeriSign Wants Ability To Suspend Domains Without Court Order 123

GeorgeK writes "VeriSign, the monopoly registry operator for .com/.net domain names, has submitted a proposal to ICANN (PDF) describing an 'Anti-Abuse' policy. If allowed to proceed with such a policy, they would become judge, jury and executioner, with the ability to suspend or even cancel alleged 'abusive' domain names without due process for registrants. The proposal even recognizes that legitimate domain names may be taken down improperly, and offers a 'protest' procedure. However, VeriSign does not appear to offer any ability to protest an accusation of abuse before the suspension or cancellation. They intend to 'shoot first and ask questions later.'"
This discussion has been archived. No new comments can be posted.

VeriSign Wants Ability To Suspend Domains Without Court Order

Comments Filter:
  • by Bobfrankly1 ( 1043848 ) on Wednesday October 12, 2011 @10:03AM (#37690508)
    ...this presents no opportunities for abuse.
    • Re:Of Course... (Score:5, Insightful)

      by Anonymous Coward on Wednesday October 12, 2011 @10:14AM (#37690692)

      Don't forget to pay your $299.99 VeriSign Domain Protection Reactivaton Fee, you cocksmoking teabaggers!

      • Mod +10 insightful. That's exactly what will come next, or some sort of Verisign Domain Deactivation Insurance Fee. Why, after all ill deeds of this company ICANN still allowed them within a thousand miles of being primary root/registrar for the two most important TLDs is beyond me. VeriSign has shown sufficient avarice, maliciousness and incompetence on a sufficient number of occasions that it just baffles my mind that they didn't have it yanked years ago.

        • by egamma ( 572162 )

          VeriSign has shown sufficient avarice, maliciousness and incompetence on a sufficient number of occasions that it just baffles my mind that they didn't have it yanked years ago.

          Do you have any assurance that someone else could do a better job? Better the devil you know...

          • Re: (Score:2, Insightful)

            by Anonymous Coward

            Do you have any assurance that someone else could do a better job? Better the devil you know...

            That is the devils argument.

            Change, change again, change again and sooner or later you will find something you can tolerate.

          • Re:Of Course... (Score:4, Insightful)

            by MightyMartian ( 840721 ) on Wednesday October 12, 2011 @11:07AM (#37691498) Journal

            I was the network guy for a small ISP when Verisign introduced Site Finder. Believe me, at that point my boss and I decided it couldn't be worse if Satan was running those TLDs, and we weren't quite sure if it wasn't Satan running them.

        • Re: (Score:3, Informative)

          IIRC, ICANN/IANA tried to sue them out of business in the late 1990s when they partially screwed up DNS (replacing NXDOMAIN answers with their "domain finder" landing page). VeriSign won in the last second using legal tricks and soon made friends with similar minds in the US gov. Since then they grew rapidly and -which irony- went from rogue provider to "security provider" and even CA. Wikipedia has some very insightful articled about the "domain finder" affair.
        • by rtb61 ( 674572 )

          Lets not forget the Verisign complaints fee, register a complaint and pay a substantive deposit to have any name taken down for any reason, all liabilities are yours and Verisign keeps the deposit money. Why the rest of the world hasn't told ICANN to take a leap with Verisign, well, I guess it is only a matter of time.

      • It will be a mandated purchase, for $499.00, with cost savings to make that $599.00, you cocksmoking occupiers!

      • Dibs on verisignisthedevil.com.
    • I'm sure their solid record of "cooperation" will prove a valuable asset when the next round of selecting-the-guys-to-run-the-.com-TLD comes around...
    • The answer should be not no, but hell no. We don't need VeriSign. We can find other companies that will do what VeriSign does without violating our First Amendment right to free speech.

      • We can find other companies that will do what VeriSign does without violating our First Amendment right to free speech.

        That shouldn't be hard, seeing how VeriSign only operates a few database machines. That said, VeriSign doesn't violate the First Amendment, seeing how that only prevents the government from limiting your free speech; as it turns out, that's one Hell of a loophole.

        • VeriSign, when working in conjunction with the federal government, works as an agent of the government. Hence, denial of their domain would be a denial of their free speech rights which would be a violation of a person's first amendment rights. And it is a first amendment rights violation. Since VeriSign does not own the domain name system nor the certificate system they are working as part of a larger project funded and likely directed by the Federal Government and hence their actions are directly tied

      • Good luck with that!

    • Let's sort of clarify some of this for you guys. Verisign is like a sign company. It simply makes something that identifies you. It doesn't own what is created. For instance, your business name is used as a domain name. Just because VeriSign gives you the domain it doesn't mean that it owns that company name, even within the context of the domain.

      If you allowed VeriSign that sort of control it would be like a sign company that made a sign for your business being able to shut down your business because

  • by GameboyRMH ( 1153867 ) <gameboyrmh@@@gmail...com> on Wednesday October 12, 2011 @10:04AM (#37690542) Journal

    Governments and corporations keep leapfrogging each other as the biggest threat to the Internet. How are we supposed to know which threat to focus on dammit!

    • Re:This is nuts (Score:5, Insightful)

      by dintech ( 998802 ) on Wednesday October 12, 2011 @10:15AM (#37690722)

      You just have you realise that Goverment and Corporations are actually the same thing, then your job becomes easier.

    • Governments and corporations keep leapfrogging each other as the biggest threat to the Internet. How are we supposed to know which threat to focus on dammit!

      Don't trust either one. Don't take anything either one says at face value. Use caution before you proceed. The world (and the intertubes) has changed.

      • Re:This is nuts (Score:5, Insightful)

        by HiThere ( 15173 ) <[ten.knilhtrae] [ta] [nsxihselrahc]> on Wednesday October 12, 2011 @01:12PM (#37693286)

        No it hasn't. You've just become more aware. You can trace deals like this at least as far back as the building of the railroads in the US. I believe that Britain has records of similar hijinks that go back to the middle ages. I'm sure other countries do too. They'd go back further, but corporations were invented during the middle ages. Before then, and even while they were developing, most of the slimy deals were made by individual wealthy people. Corporations didn't really become commonly dominant until after WWI, possibly as late as WWII. Before then the major problem was tycoons. And before them aristocrats.

        None of them have ever been worth trusting as classes, though I'll admit that individual people were sometimes trustworthy. But that was unusual. Powerful organizations are not trustworthy. It's not money that corrupts, it's lack of consequences. You see it in corporations, you see it in politicians, you see it in police, you even see it in anonymous e-mail. It's pretty nearly universal. Some individual people avoid corruption. But it isn't what one should expect.

        This is why control in civilization should be decentralized. So that people can't create for themselves "spheres of invulnerability". But this goes contrary to what everyone wants, because everyone wants a "safe space", where they can control what happens. This isn't a problem, unless that "safe space" infringes on other people.

        P.S.: Anyone know a cell phone that has a white-list option? (I, too, want a safe space. A space where I can decide who is allowed to interrupt me.)

        • Money directly causes lack of consequences, or ameliorates them, often significantly. Therefore, money does corrupt. Power likewise.

        • Every government employee or agent of the government that violates someone's constitutional rights (any and all rights) should be charged with a crime. It is that simple. The law covering that should not allow anyone to be shielded by the government nor pardoned by the government. We'd see far fewer issues where corporations collude with the government....

          as clearly is the case with VeriSign today.

    • Re:This is nuts (Score:4, Insightful)

      by bill_mcgonigle ( 4333 ) * on Wednesday October 12, 2011 @10:27AM (#37690910) Homepage Journal

      How are we supposed to know which threat to focus on dammit!

      Don't. Build the distributed replacement for DNS.

      • DNS by it's nature requires some hierarchy. Either that or you end up with a system that's forced to use nonsense names like .onion sites and namecoin.

        That said a DNS system could be controlled by a democratic online community, that's probably the best compromise.

        • The protocol between DNS servers would have to be changed in a P2P DNS system.

          The protocol between DNS Server and clients would not have to change at the onset. Only once Corps and Govs decide to go MAFIAA on the new DNS system will the Client/Server protocol need to go Encrypted/Obfuscated. /RANT
          My grand-children will not believe me when I'll tell them that DNS requests and answers used to be plain text and handled by a monopoly.

          • Yeah the encrypted P2P protocol is no problem, many systems have done that already. Administration is the problem if you want to retain anything resembling the current naming system.

            • That's where Social engineering comes in.
              The same system that decides which DNSname belongs to which IP will have to Tamper/Troll proof.
              -What happens when a Name changes hands?
              -What happens when Judge decides to show the world he knows nothing about the DNS system to please the Rich/Gov?
              That's the the fun part.

              Gee, I just proved your point!

        • DNS by it's nature requires some hierarchy. Either that or you end up with a system that's forced to use nonsense names like .onion sites and namecoin.

          The current DNS is a hierarchy, but that doesn't mean that every hierarchy has to be implemented like the current DNS, that every Internet naming system has to be hierarchical, or that any alternate system would require nonsensical names.

          • A DNS system without an administrative body would require nonsensical names. Either that, or a first-come-first-served system, which is probably worse.

        • by makomk ( 752139 )

          Errm... the entire point of namecoin is that it can be used to register meaningful domain names in a decentralized way.

      • by mini me ( 132455 )

        Build the distributed replacement for DNS.

        So... DNS? DNS is already distributed. You are, however, faced with the age old problem of how to convince everyone else to switch. A few takedowns by Verisign isn't going to do anything.

        • So... DNS? DNS is already distributed.

          The root of each TLD is centralized. That's how we wind up with TFA's problem.

          There's a group that has something working reminiscent of the way torrent magnet links work. I can't remember their name now.

          You don't need everybody to switch - you just need to get resolvers to support the alternate lookup method and provide a better solution for enough users. If it works right, most people don't notice the alternate plumbing.

          • by vlm ( 69642 )

            There's a group that has something working reminiscent of the way torrent magnet links work. I can't remember their name now.

            google for namecoin ? For some value of reminiscent, thats correct, for some value of correct anyway.

          • by mini me ( 132455 )

            The root of each TLD is centralized.

            Yes, but there's nothing stopping us as a collective from changing who controls those roots. If we want to give com to Joe Bob, it is just a matter of having everyone update their DNS server settings.

            • Yes, but there's nothing stopping us as a collective from changing who controls those roots. If we want to give com to Joe Bob, it is just a matter of having everyone update their DNS server settings.

              I totally agree. Then we need to worry about how Joe Bob is going to behave instead of NetSol. Mass-consensus is good, but single points of failure are undesirable.

          • Right, except that would fragment the DNS infrastructure and break about 15 RFCs ... not to mention the entire concept of a URL, which is supposed to mean UNIVERSAL Resource Locator.

            That's "Universal" as in, you won't have to say, "oh, yeah man, just go to example.com ... on MicroDNS, not QuicknetDNS."

            • Re:This is nuts (Score:4, Insightful)

              by bill_mcgonigle ( 4333 ) * on Wednesday October 12, 2011 @03:43PM (#37695266) Homepage Journal

              All true, and great for a time when John Postel was what it meant to run a registry. The RFC's didn't anticipate the kind of interference that NetSol is proposing.

              There doesn't have to be namespace collisions, though. Why is it that Visa cards are all 4xxx, MasterCards are 5xxxx and Discover cards are all 6xxx? Couldn't Visa start issuing cards in the 5xxx range? Of course, but it's mutually beneficial for all of the players to interoperate. Nobody would trust a name service provider that was purposefully destructive (unless forced to through monopoly) so we would expect they'd operate in a trustworthy manner by default.

              Also look at the world BGP routing table. It's all distributed, you have to earn trust to participate, and there are occasional mistakes. Even still, it lets me get these characters from here to wherever Slashdot's server are, and has proven effective, even if there's room for improvement. Imagine if everybody had to go register their routes through a single route registrar and make changes on their website.

              • Alright, points taken and I withdraw my objection (to the extent that has any significance on Slashdot). You certainly know the topic better than I.

          • You can not show any single system that is entirely distributed, even all P2P crap that is 'distributed' ends up with a central starting point in order for it to be useful.

            Bittorrent? Useless without trackers and torrent sharing websites ... the trackers clearly can go away, but still need the central directory for sharing files.

            P2P file sharing ... guess what? Same thing, still need a central starting point to find everyone else.

            Anarchy doesn't work for anything other than Anarchy. What happens when you

            • Bittorrent already works fine without trackers, it uses DHT. You just need one - any - node to connect.

              As for torrent sharing websites, how are they centralized? Anyone can build one. You can put the same torrent file on multiple, so even if one is taken down it still works.

              Hell, here [magnet]. Slashdot is now a torrent sharing site, thanks to magnet links. How's that for decentralized?

    • People who are greedy, people who are power hungry, etc. are the same no matter where. They go to where the path of least resistance is. In some countries they are the inner party. In others they wear top hats and monocles. At times they lead the guilds/unions. Sometimes they co-opt the press. In some they have the top hats, inner parties, unions and press badges.

      The Noble Peace Prize was created after Noble realized his peaceful and life saving invention of TNT had been co-opted for war. TNT is just

  • by cgenman ( 325138 ) on Wednesday October 12, 2011 @10:12AM (#37690662) Homepage

    I'm sure they will offer a service where your domain is "Pre-Verified" and not subject to abuse takedowns... For $1,000 per year, of course.

  • Doesn't matter if the original owner doesn't want to sell, for a price it can be made available.
  • Domain Names have all the rights of corporations which are people ?

    Many of these abusive domains are very fleeting and transient designed to live for just a few hours. If you want due process, it has to come before the registration. So domain name registration would then follow guidelines similar to Trade Mark and other corporation registration rules. It would slow down the registration process a lot and impact the fees Verisign is currently collecting. The domain name abuse is getting to be very bad, and it could trigger legislation. Legislation by the congress critters who imagine internet to be a series of tubes would put onerous burdens in the registrants and the registrars. So it is heading it off at the pass.

    • by Miamicanes ( 730264 ) on Wednesday October 12, 2011 @10:25AM (#37690886)

      Well then, a reasonable compromise to limit the potential for collateral damage might be a rule that makes it impossible for them to suspend a domain that's been registered in good standing for more than a year without full due process, and provides a way to register a domain quickly, but subsequently complete a more exhaustive registration process that -- when completed -- immediately grants the domain the same protected status as one that's been around for more than a year.

      That way, they can still nuke botnet command & control domains, but somebody whose domain has been around for more than a year (OR who has completed the more time-consuming registration procedure) could sleep at night knowing that Metaphorical Judge Dredd isn't allowed to touch THEIR domain. It wouldn't completely eliminate collateral damage, but it would eliminate the overwhelming majority of situations where a legitimate domain owner could suffer financial damage due to a careless or hasty employee somewhere.

      • by vlm ( 69642 )

        That way, they can still nuke botnet command & control domains

        Not sure why that is the responsibility of the DNS registrar. Sounds a heck of a lot more like an ISP's job at the level of the IP router / bgp feed / resolving dns server.

        The purpose is probably a lot more oriented toward pirate bay, planned parenthood, 4chan, those type of dns names.

      • That way, they can still nuke botnet command & control domains, but somebody whose domain has been around for more than a year (OR who has completed the more time-consuming registration procedure) could sleep at night knowing that Metaphorical Judge Dredd isn't allowed to touch THEIR domain.

        Yea, and so can the spammers who have been planning for this to go into effect and have had thousands of names registered for over a year now through various individual names and companies.

        They can use one a day and even if it gets cut off within a few minutes of the spam starting, they'll still be making a fortune off of them.

        Spammers are more than willing to play be any technical rules you want to throw at them. More spammers use SPF and Domain Keys to prevent getting marked as spam then normal mail serv

  • I think it's time for Anonymous to take down Verisign...

    • Sure, like THAT wouldnt add more fuel to the fire.
    • Re:Anonymous (Score:4, Interesting)

      by fuzzyfuzzyfungus ( 1223518 ) on Wednesday October 12, 2011 @10:23AM (#37690858) Journal
      A DDoS or a petty "doxing" would be boring; but my schadenfreude lobe would be pulsating with happiness if their private signing key(s) were to make their merry way into the world.... Can you imagine the mayhem?
      • I'm all for it if it gets ICANN to terminate Verisign's .com and .net registry contract.

      • by Pieroxy ( 222434 )

        Well. It'll take that to make people think about our crappy system controlled by corporations. Then, maybe, we'll find and adopt something that actually works and is secure.

        That said, I have an interior grin (correction, it just came out) just thinking about the face of the top-management at VeriSign the day they discover their private keys on the web.

      • You know what would be even cooler? If Anonymous found a polynominal-time method of factoring large semi-primes, thereby breaking the RSA cryptosystem, and published the algorithm!

        Now *that* would cause mayhem, and be perfectly legal too!

        It's a little harder though.

  • by pablo_max ( 626328 ) on Wednesday October 12, 2011 @10:20AM (#37690812)

    I am asking for such powers. Just because I asked for it, does not mean I will get it.

  • Seriously, as if they wouldn't abuse their position, yet again...

  • IF they make Digital trespass, I.E. cracking into any company's servers and DDOS attacks legal activity. I fully support them being able to do DNS resolution Attacks on their customers.

    • by Anonymous Coward

      Revoking DNS will do nothing to block DDOS and similar outgoing hacks. It could be used to quickly take down scam/malware pushing sites though.

    • IF they make Digital trespass, I.E. cracking into any company's servers and DDOS attacks legal activity.

      In America thats already true.

      Any Unauthorized access to a computer system is prohibited by law and punishable by large fines and jail time, has been since Mitnick's time at the least.

      • I should add, that 'unauthorized' means any sort of access you aren't allowed to do, regardless to how you do it. Doesn't matter if I say 'The password to my account is fifty7', unless you are specifically authorized to use it, its still illegal for you to do so, just like its illegal for you to enter my home even if you found a key without my authorization.

  • Yes, I read the FA. (Score:5, Interesting)

    by poofmeisterp ( 650750 ) on Wednesday October 12, 2011 @10:28AM (#37690924) Journal

    They intend to 'shoot first and ask questions later.'

    This is helpful for potential malware/virus/etc sites - take it down NOW and address afterwards. As long as the ones taking the deactivation move witness it themselves, it's doable.

    The problem comes with reports. Let's say you get 100 reports of a domain being a nasty one in a 5-minute period of time. You just *wham-bam* take that domain down without looking at it and you could have just been the worst link in a staged act chain.

    I'm not trying to be an ass, but I'm posting what I witness daily: Everyone wants to save money, including big companies. If VeriSign were to have this ability (along with other TLD registrars), then they will likely want to automate everything they can. See paragraph 2 above.

    • Here's a good way to avoid that.

      Require forced takedowns to be backed by affidavits signed under penalty of perjury.

      Then someone who lies to the registry and causes a false takedown gets fined or locked up.

  • Don't we have laws and such against these? For what reason is this company still whole?
    • Re:Monopoly? (Score:4, Informative)

      by imric ( 6240 ) on Wednesday October 12, 2011 @10:38AM (#37691046)

      You can be a monopoly. It's not illegal.

      It's illegal to abuse monopoly status, though.

      • Something like this seems to fall under the category of "abuse", but I'm sure the well oiled lawmakers see it differently.
        • by imric ( 6240 )

          *chuckle* Not the power to abuse, but the act of abuse. Lawyers will get paid every time it happens. *cha-ching*

        • Something like this seems to fall under the category of "abuse", but I'm sure the well oiled lawmakers see it differently.

          The US government WANTS this. They can then do takedowns without even the pro forma court-orders they get now; just a word to Verisign and the domain is gone, no questions asked.

  • See. If you 'let it be' and everything becomes private, you end up in that situation - private parties, on which you have no rights over, decide how you live your life. what you hear, what you can know.
    • I can choose to use a TLD other than .com, making this another one of your angsty yet utterly ignorant posts.

      • and the interests behind this will be as stupid as to not pursue any further avenue to censor is it. are you forgetting that icann is a private american corporation, and currently holds domain name system ?
  • What's the process to report an abusive domain? I've taken as much abuse from these people as I can stand. I'd like to report verisign.com
    • verisign.com has sovereign immunity because it is owned by the registry responsible for the domain it is under.

      See: allodial title.

      If you have any beefs with verisign's handling of the internet you'll have to take it up with ICANN.

  • by GeorgeK ( 642310 ) on Wednesday October 12, 2011 @10:49AM (#37691188) Homepage

    Thanks for accepting the article. ICANN is still reviewing the proposal. If folks share my concerns, please do send them your comments by emailing registryservice@icann.org (from the top of ICANN's Registry Services Evaluation Process page [icann.org]). You can view comments by others here [icann.org]. EasyDNS has submitted their concerns too.

    At a minimum, they should open up a formal 30 day public comment period that is widely advertised, in order that domain name registrants can be heard.

  • ... in countries where the government-licensed utilities already have this power.

    If TLD management were split among countries, so that Verisign handled .com and .net for US-based companies and foreign subsidiaries or foreign registrars handled it in foreign countries, then this kind of power might make sense for some foreign subsidiaries of Verisign or for some foreign registrars.

    As for companies based the United States who use a domain registrar in the United States, yanking a domain name without a court o

  • Just say no to idiocy. I hope their "proposal" is rejected as the bad idea that it is. Mind you, it just encourages me and everyone else to dump this monopoly in favour of other ones that are less obnoxious. I.e. other domain registries e.g. country codes or .org or whatever.
    • by HiThere ( 15173 )

      Unnh...ICANN is authorized by act of congress. They have a contract with Verisign. So this is a legally authorized monopoly.

      You can only "dump it" by refusing to use the *.com and *.org domains. (I *think* org is the second one.) So the question would then be "Who do you want to register your domain with?". Fortunately there are more answers this year than there were a few years ago, and fewer people are even aware what the domain is...but I'm always a bit hesitant when the link is to a domain that I d

  • I propose that they should not only implement this idea, but to track down the offenders and subject them to a gratuitous full body cavity search. You should be glad they won't need or require your consent, as this will be for your own good.
  • Anyone who thinks this won't be used to either bully the little guy into giving up his domain for corporations or just milk more money from customers is being very naive.
  • If you sum the number of days in each step of the Uniform domain name dispute resolution policy you quickly see that it can take tens of days to get a malicious domain shutdown. ICANN has long been in need of the ability to quickly react to burgeoning threats and though the ambiguity of the policy as described is concerning it's not without merits.
  • Verisign wants all your base are belong to us

  • Q: Were consultations with end users appropriate? Which groups were consulted? What were the nature and content of these consultations?
    A: As a registry operator, Verisign did not consult with the registrants of .com/.net/.name domain names.

    Verisign is trying to expand their central but minor role as a registry operator into control of the whole system. Their agreement with ICANN expires on November 30, 2012, and, ICANN could choose to get another registry operator. Right now, no proprietary technology or big staff is needed to be the registry operator. This added complication would make it tougher for ICANN to switch registry operators.

    So that's why they're doing this.

  • The whole certificate process is flawed, instead we should just have a way of proving that the authoritative dns servers of a domain agree a web site is the legitimate one. This can be done with public keys and crypto fingerprints. No need to pay the kind of scum that runs Verisign (the company that broke the internet one day with their money grubbing schemes) any money.

Children begin by loving their parents. After a time they judge them. Rarely, if ever, do they forgive them. - Oscar Wilde

Working...