









[NMLUG] OT - Link: Recall Verisign
I gave Verisign some public grief for *how* they introduced Sitefinder...
springing it on the Internet community with no warning.
That was tremendously bad judgement.
While top level wildcarding is clearly a permitted practice under RFC-1035,
anyone with experience in network oriented systems administration (and
Verisign has many) knows that there are many unofficial but very real
evolved uses around the status quo ante. The most basic of spam rejection
being one of those. Thus my take on Sitefinder was that Verisign was
within its rights to do it, but
should have given something like 180 days' notice and sent up a list for
system admins to discuss ramifications and workarounds during the pending
period.
As the guy that negotiated the Network Solutions contracts with ICANN and
the Department of Commerce in the summer of 1999 that made ICANN something
other than a debating society, I can tell you that we made very clear in
the contracts that both the registry and the registrar were permitted to do
any legal thing unless explicitly forbidden in the contracts (this was to
keep ICANN from becoming an all consuming behemoth and a roadblock to
innovation). Subsequently to my time (I left Verisign in March 2001)
there were some negotiated changes between Verisign and ICANN and though
I'm hazy on the details I don't believe they outlawed a Sitefinder type move.
Whether Sitefinder was a *wise* move or not is another story, but freedom
to innovate is, to my mind (a strongly libertarian, market oriented one, I
must confess), far more important than all decisions being optimal. That
was a principle, interestingly, that the Department of Commerce agreed with
in the original structuring of the operating authority of
ICANN. Sitefinder was easy to "route around" (many sysops had used Vixie's
little BIND batch by the time Sitefinder went down). That's the way the
Internet *should* evolve: innovation and then acceptance or not thru
sysadmin buy-in and end user buy-in.
In any case, I don't believe that Sitefinder is grounds for revoking
VeriSign's registry contract.
Full disclosure: while I long ago sold my large wad of Network Solutions
and Verisign stock, I do still have a relatively small amount, but not
enough (I hope!) to skew me from a reasonably objective perspective on the
situation.
=jim
At 11:37 AM 4/13/2004 -0400, you wrote:
>The problem I had with Sitefinder was that it was done without regard to
>its possible ramifications. Further it was used as a tool to drive
>business to Verisign for its domain registration business. That, at
>least to me, is quite clearly a conflict of interest.
>
>Network Solutions was a good caretaker for the original DNS back when
>.COM, .NET, & .ORG registries were small and limited to the U.S. proper.
>My personal feeling is that when the DNS system was opened to other
>registrars (GoDaddy, Register.Com, TuCows, etc.), Network Solutions (now
>Verisign) lost its positioning. I know of many, many people who have
>left VeriSign because of technical (try doing _anything_ over the phone
>with them) and cost issues (they are the most expensive registrar).
>
>Jim, you say:
>
>"With regard to security, actually SiteFinder was likely a strongly
>pro-security move - it forces people to get nonexistent domain records
>out of Sendmail configs ... a huge security hole."
>
>While it is true that domain wildcarding is okay under the RFC and that
>you call 'pro-security', does not diminish the fact that it broke many
>other things including anti-spam tools, other SMTP servers (which, if I
>recall correctly, depend on DNS lookup failures), and cryptographic
>tools which depend on DNS go/no go qualification, amongst others.
>
>There were and are better ways of handling this. Here are my
>suggestions:
>
>1. ICANN needs to address non-existent domains within a DNS framework
>and develop solutions for *ALL* top-level domains. This solution should
>be registrar neutral.
>2. Possible changes should be discussed with all major affected system
>vendors, i.e. the BIND folks, Microsoft, etc.
>3. A significant lead time should be allowed. This will allow for
>regression and other testing.
>
>The DNS system is much, much too important to be dictated by one vendor.
>I am not saying that NetSol be removed from the system, rather I think
>that they should play nicely with others.
>
>-dan
>
>P.S. DISCLAIMER: I am an ex-SAIC employee who made a lot of money
>because of NetSol. I have a lot of warm feelings regarding the way they
>used to do business. (Employee stock ownership rocks!!!) I cannot,
>however, endorse what the company has become.
===================================
Jim Rutt
voice: 505-989-1115