[vox] COMPLAIN Verisign resolves unregistered .COM, .NET domains
Ken Bloom
vox@lists.lugod.org
Wed, 17 Sep 2003 08:43:45 -0700
--E39vaYmALEf/7YXx
Content-Type: text/plain; Format=Flowed; DelSp=Yes; charset=ISO-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On 2003.09.17 02:24, Bill Kendrick wrote:
>=20
> Holy CRAP! (Or should, I say, "hloycrapp.com"? ;^) )
>=20
>=20
> Some reports (thanks to news.google.com, of course) ...
>=20
> Salon - "Thanks, VeriSign, for breaking the Internet"
> =20
> http://www.salon.com/tech/col/leon/2003/09/17/verisign/index_np.html
>=20
> The Register - "All your Web typos are belong to us"
> http://www.theregister.co.uk/content/6/32852.html
>=20
> CNET - "VeriSign redirects error pages"
> http://news.com.com/2100-1032-5077530.html
>=20
> ZDNet/Australia - "VeriSign slammed for helping spammers"
> =20
> http://www.zdnet.com.au/newstech/communications/story/0,2000048620,202786=
73,00.htm
>=20
> Slashdot - "Resolving Everything: VeriSign Adds Wildcards"
> http://slashdot.org/articles/03/09/16/0034210.shtml?mode=3Dnocomment
>=20
>=20
>=20
> I didn't like the idea, but I also didn't realize the implications
> until I started reading the avalanche of comments on Slashdot...
> Mail clients not being able to 'do the right thing', broken spam
> filtering,
> insane hell for network admins trying to track down problems, etc.
[Please disseminate far and wide]
Slashdotters have suggested complaining to ICANN (comments@icann.org) =20
saying something along the lines of the following:
This complaint is regarding Verisign's recent decision to claim =20
all non-registered .COM and .NET domain names for itself. It has done =20
this by inserting a wildcard into the DNS registers, meaning an IP of =20
64.94.110.11 is returned for any domain name that has not yet been =20
registered. That page is an advertisement for VeriSign's domain =20
registration services. This is unfair competition with existing =20
registrars - there is no means for myself, for example, to gain a =20
similar foothold without actually purchasing each and every currently =20
unregistered .COM/.NET name. It is also a technical breach of trust - =20
the Internet is not merely the Web, and unknown domains should return =20
errors rather than constantly try to contact VeriSign's advertising =20
servers. Non-Web-based applications (FTP clients, etc.), will now =20
incorrectly log that they have contacted the host you asked for when in =20
fact they should have returned an error 'hostname unknown' because the =20
site does not exist. The same will occur with any ICMP TRACEROUTE or =20
PING tools-- these will not behave in a manner expected. I would be =20
grateful if you could investigate this matter. Yours, Ian McCall
(Wording written by Ian McCall (http://slashdot.org/~mccalli), error =20
corrected by Snover (http://slashdot.org/~Snover) )
Or try this wording instead:
I just came across a news at Slashdot.org
http://slashdot.org/articles/03/09/16/0034210.shtml?tid=3D126&tid=3D95&tid=
=3D98&tid=3D99
reporting the recent abuses VeriSign made of the DNS system,
virtually allocating any non-existing .com and .net domains to =20
themselves.
This is unethical, and unfair monopoly abuse.
I believe this breaks numerous RFCs, besides it seems this
has already been discussed and refused by the IAB :
http://www.icann.org/correspondence/iab-message-to-lynn-25jan03.htm
Why does VeriSign allow themselves the right to do something
that was expressely forbidden ?
I strongly recommend VeriSign be threatened to be revoked as
maintainer of the DNS root, if they don't cease immediately those
bad practices that not only break many existing applications, but
also incurs unfair competition with search engines.
Truthfully,
x
(Wording written by mmu_man (http://slashdot.org/~mmu_man))
--
I usually have a GPG digital signature included as an attachment.
See http://www.gnupg.org/ for info about these digital signatures.
My key was last signed 6/10/2003. If you use GPG, *please* see me about
signing the key. ***** My computer can't give you viruses by email. ***
--E39vaYmALEf/7YXx
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
iD8DBQA/aIExlHapveKyytERAieFAJ9J0srHiW4kM2s+UQg6KixAZ1DetACfUene
0NAU90owDn5Hpg9Wt3wA0H4=
=aCji
-----END PGP SIGNATURE-----
--E39vaYmALEf/7YXx--