Copy Link
Add to Bookmark
Report
Netizens-Digest Volume 1 Number 525
Netizens-Digest Saturday, October 11 2003 Volume 01 : Number 525
Netizens Association Discussion List Digest
In this issue:
[netz] Danger from effort to privatize the Internet's Infrstructure
Re: [netz] Danger from effort to privatize the Internet's Infrstructure
Re: [netz] Danger from effort to privatize the Internet's Infrstructure
[netz] ICANN analysis and recommendation to Verisign
[netz] Industry response -- possible ICANN alternative for addressing (not domains)
Re: [netz] ICANN analysis and recommendation to Verisign
Re: [netz] ICANN analysis and recommendation to Verisign
Re: [netz] ICANN analysis... (hit SEND too soon).
[netz] Followup on DNS regulation
Re: [netz] Followup on DNS regulation
Re: [netz] Followup on DNS regulation
Re: [netz] Followup on DNS regulation
----------------------------------------------------------------------
Date: Tue, 23 Sep 2003 00:43:05 -0400 (EDT)
From: Jay Hauben <jrh@umcc.ais.org>
Subject: [netz] Danger from effort to privatize the Internet's Infrstructure
Hi,
ICANN has just be given a three year contract by the US government. When
will they ever learn that industry self-regulation can not work?
In any case, I thought readers of the Netizens list would be interested in
MICHAEL GEIST's latest column in the Toronto Star. He describes a new
"service" by Verisign that he says amounts to "Tampering with the
Internet"
The URL for the column is:
http://shorl.com/gavefifukudu
Here are a few paragraphs from it:
. . . This gradual transformation has developed with the open acquiescence
of governments worldwide. Although many governments, including the
Government of Canada, profess to view the Internet as a critical resource,
they have been content to leave this resource alone, governed by
self-regulation with a bare minimum of intervention.
Last Monday, at 10:45 a.m., the danger of this laissez faire approach
became evident to millions of Internet users. At that moment, VeriSign,
the U.S. company that enjoys a monopoly over dot-com and dot-net domain
name registration (there are competing registrars who sell domains to the
public but they must all buy their domains from VeriSign), flicked a
switch and launched a new service called Site Finder.
Site Finder is designed to deal with a fairly common occurrence for many
Internet users the entry of an incorrect domain name, either because the
domain is no longer active or because of a typo. While users are
accustomed to receiving an error message when this occurs, VeriSign's Site
Finder service now replaces the error page with a VeriSign page that
displays advertising and a search tool. . . .
- ----------------------------------------------------------
Please feel encouraged to post your comments here so the netizens list
might wake up a bit.
Take care.
Jay
------------------------------
Date: Tue, 23 Sep 2003 13:31:39 +0200
From: "Daniel Duris" <dusoft@staznosti.sk>
Subject: Re: [netz] Danger from effort to privatize the Internet's Infrstructure
Read more about this at http://www.evolt.org
Why Verisign's Wildcard DNS is a Bad Idea By Joel D Canfield (spinhead)
http://www.evolt.org/article/Why_Verisign_s_Wildcard_DNS_is_a_Bad_Idea/25/60224/index.html
Dan
- ---------- Original Message ----------------------------------
From: Jay Hauben <jrh@umcc.ais.org>
Reply-To: netizens@columbia.edu
Date: Tue, 23 Sep 2003 00:43:05 -0400 (EDT)
>Hi,
>
>ICANN has just be given a three year contract by the US government. When
>will they ever learn that industry self-regulation can not work?
>
>In any case, I thought readers of the Netizens list would be interested in
>MICHAEL GEIST's latest column in the Toronto Star. He describes a new
>"service" by Verisign that he says amounts to "Tampering with the
>Internet"
>
>The URL for the column is:
>
>http://shorl.com/gavefifukudu
>
>Here are a few paragraphs from it:
>
>. . . This gradual transformation has developed with the open acquiescence
>of governments worldwide. Although many governments, including the
>Government of Canada, profess to view the Internet as a critical resource,
>they have been content to leave this resource alone, governed by
>self-regulation with a bare minimum of intervention.
>
>Last Monday, at 10:45 a.m., the danger of this laissez faire approach
>became evident to millions of Internet users. At that moment, VeriSign,
>the U.S. company that enjoys a monopoly over dot-com and dot-net domain
>name registration (there are competing registrars who sell domains to the
>public but they must all buy their domains from VeriSign), flicked a
>switch and launched a new service called Site Finder.
>
>Site Finder is designed to deal with a fairly common occurrence for many
>Internet users the entry of an incorrect domain name, either because the
>domain is no longer active or because of a typo. While users are
>accustomed to receiving an error message when this occurs, VeriSign's Site
>Finder service now replaces the error page with a VeriSign page that
>displays advertising and a search tool. . . .
>----------------------------------------------------------
>
>Please feel encouraged to post your comments here so the netizens list
>might wake up a bit.
>
>Take care.
>
>Jay
>
>
------------------------------
Date: Tue, 23 Sep 2003 11:43:45 -0400
From: "Howard C. Berkowitz" <hcb@gettcomm.com>
Subject: Re: [netz] Danger from effort to privatize the Internet's Infrstructure
At 12:43 AM -0400 9/23/03, Jay Hauben wrote:
>Hi,
>
>ICANN has just be given a three year contract by the US government. When
>will they ever learn that industry self-regulation can not work?
First, who should, in your opinion, regulate?
Second, ICANN has already "strongly suggested" to Verisign that they
remove their wildcard records for .com and .net. Industry
operational lists like NANOG are exploding with anger, by ISPs, at
Verisign, and at least one class action suit has been launched.
Verisign did this a week from this last Friday.
Let me be clear: Verisign did something completely egregious, and
there is, indeed, an inherent conflict of interest between being a
registrar (which can be competitive) and a registry (which needs to
be neutral). This is not the first questionable action by Verisign,
and their contract should be under extremely close review -- if not
revocation.
ICANN is flawed, but it does seem to have responded strongly here, as
has the Internet Architecture Board. Do note that Verisign's contract
is _not_ with industry, but with the US Department of Commerce -- it
was in place before ICANN.
(more inline)
>
>In any case, I thought readers of the Netizens list would be interested in
>MICHAEL GEIST's latest column in the Toronto Star. He describes a new
>"service" by Verisign that he says amounts to "Tampering with the
>Internet"
>
>The URL for the column is:
>
>http://shorl.com/gavefifukudu
>
>Here are a few paragraphs from it:
>
>. . . This gradual transformation has developed with the open acquiescence
>of governments worldwide. Although many governments, including the
>Government of Canada, profess to view the Internet as a critical resource,
>they have been content to leave this resource alone, governed by
>self-regulation with a bare minimum of intervention.
>
>Last Monday, at 10:45 a.m., the danger of this laissez faire approach
>became evident to millions of Internet users.
I don't know where he came up with 10:45 last Monday. Verisign
started this the previous Friday.
>At that moment, VeriSign,
>the U.S. company that enjoys a monopoly over dot-com and dot-net domain
>name registration (there are competing registrars who sell domains to the
>public but they must all buy their domains from VeriSign), flicked a
>switch and launched a new service called Site Finder.
>
>Site Finder is designed to deal with a fairly common occurrence for many
>Internet users the entry of an incorrect domain name, either because the
>domain is no longer active or because of a typo. While users are
>accustomed to receiving an error message when this occurs, VeriSign's Site
>Finder service now replaces the error page with a VeriSign page that
>displays advertising and a search tool.
What Verisign did is more damaging than this article suggests. It's
not just a matter of taking typos to their commercial search engine.
What they did was to change the behavior of DNS so that all
conceivable domains in .com and .net appear, to a DNS client, as if
the domain exists. In other words, there is no way for software to
tell that a domain is nonexistent.
Many S p a m checking tools will not forward mail for which a DNS
lookup shows a nonexistent source domain. Using nonexistent source
domains is common in unsolicited commercial email.
Beyond this checking, the Verisign maneuver also has a negative
effect on general email. When someone sends mail to a nonexistent
domain, most mail forwarding code will drop it (usually sending an
error message to the sender). Without the ability to determine that a
domain is nonexistent, mail servers now may queue mail to retry
delivery, consuming large amounts of ISP storage and congesting the
net with retries that are bound to fail.
I would note, however, that all of this problem analysis and
criticism has come from the private sector. There have been, for
example, no alert messages from the National Infrastructure
Protection Center or the Computer Emergency Response Team.
>. . .
>----------------------------------------------------------
>
>Please feel encouraged to post your comments here so the netizens list
>might wake up a bit.
>
>Take care.
>
>Jay
------------------------------
Date: Tue, 23 Sep 2003 15:30:57 -0400
From: "Howard C. Berkowitz" <hcb@gettcomm.com>
Subject: [netz] ICANN analysis and recommendation to Verisign
Remember, Verisign's contract is with the US Department of Commerce,
_not_ ICANN.
http://www.icann.org/correspondence/secsac-to-board-22sep03.htm
------------------------------
Date: Tue, 23 Sep 2003 15:42:47 -0400
From: "Howard C. Berkowitz" <hcb@gettcomm.com>
Subject: [netz] Industry response -- possible ICANN alternative for addressing (not domains)
At 11:12 AM +0200 9/23/03, Axel Pawlik wrote:
>
>Dear Colleagues,
>
>
>The Regional Internet Registries (RIR) have published
>three (3) documents:
>
> a. Proposed Open Letter to ICANN from the Regional
> Internet Registries
> b. Proposed Agreement between the RIRs to create the
> Number Resource Organization
> c. Proposed Agreement between the RIRs (acting through
> the NRO) and ICANN concerning the Address Supporting
> Organization
>
>These documents are available on a single web page at:
>
>http://www.ripe.net/ripencc/about/regional/draft-public-comment.html
>
>In order to ensure that RIR members and address communities in every
>region have the opportunity to comment, the Board of the RIRs have
>requested that RIRs post the documents for a period of 30 days. The
>comment period closes at midnight (UTC) on the 22nd October 2003.
>
>Each of the RIR Boards will consider the comments as they are
>received, and each RIR Board intends to make a decision whether to
>adopt these documents following this comment period. If these
>documents are adopted by all the RIR Boards, it is the present
>intention to formally pass the following open letter to ICANN on the
>24th of October. On the same date the Boards of the RIRs currently
>intend to direct their CEOs to sign the MoU concerning the
>establishment of the Number Resource Organization.
>
>All comments should be addressed to: nro-comments@apnic.net. The
>comments will be passed to all the Boards of the RIRs, and will also
>be published on the web site http://www.apnic.net/nro-comments. Any
>dialogue that arises from such comments will also be published on this
>site.
>
>Subscription information for the nro-comments mailing list is
>available at:
>
> http://mailman.apnic.net/mailman/listinfo/nro-comments
>
>All postings to this mail address (nro-comments@apnic.net) are
>public, and will be published at the following URL:
>
> http://www.apnic.net/nro-comments
>
>kind regards,
>
>Axel Pawlik
>Managing Director
>RIPE NCC
------------------------------
Date: Wed, 24 Sep 2003 10:44:12 +0200
From: Alexandru Petrescu <petrescu@nal.motlabs.com>
Subject: Re: [netz] ICANN analysis and recommendation to Verisign
Howard C. Berkowitz wrote:
> Remember, Verisign's contract is with the US Department of Commerce,
> _not_ ICANN.
Also remember that IAB (overseen by ICANN) is chaired by a VeriSign
employee.
Alex
------------------------------
Date: Wed, 24 Sep 2003 09:06:42 -0400
From: "Howard C. Berkowitz" <hcb@gettcomm.com>
Subject: Re: [netz] ICANN analysis and recommendation to Verisign
>Howard C. Berkowitz wrote:
>>Remember, Verisign's contract is with the US Department of
>>Commerce, _not_ ICANN.
>
>Also remember that IAB (overseen by ICANN) is chaired by a VeriSign employee.
>
>Alex
The IAB is not overseen by ICANN, but by the Internet Society.
------------------------------
Date: Wed, 24 Sep 2003 09:10:49 -0400
From: "Howard C. Berkowitz" <hcb@gettcomm.com>
Subject: Re: [netz] ICANN analysis... (hit SEND too soon).
>Howard C. Berkowitz wrote:
>>Remember, Verisign's contract is with the US Department of
>>Commerce, _not_ ICANN.
>
>Also remember that IAB (overseen by ICANN) is chaired by a VeriSign employee.
>
>Alex
The IAB is not overseen by ICANN, but by the Internet Society.
Even with the potential conflict of interest, the IAB also has
recommended that Verisign cease-and-desist with the wildcards. Now,
in the IETF process, IAB recommendations are just that. For something
to be more binding, it has to go possibly through a Working Group or
Area, and definitely through the IESG.
There's increasing comment that Verisign hasn't just committed an
operational error, but has actually broken the DNS protocol by
effectively disabling the no-such-domain error message.
I'll say again that I totally disapprove of what Verisign has done,
but I do see nongovernmental organizations making a strong response.
There is need for pressure, as well, on the Department of Commerce.
------------------------------
Date: Fri, 3 Oct 2003 10:43:30 -0400
From: "Howard C. Berkowitz" <hcb@gettcomm.com>
Subject: [netz] Followup on DNS regulation
It's unfortunate there was no response to earlier posts, but the
industry response has been gathering momentum, and ICANN (see below)
is getting much more forceful. The North American Network Operators
Group this month (meeting along with the American Registry of
Internet Numbers) will have a panel where Verisign is challenged.
http://www.icann.org/correspondence/twomey-to-lewis-03oct03.htm
I'm the first to say that ICANN could be much better. Nevertheless, I
return to the question I asked in the first response to Jay: who
_should_ be dealing with this technical and economic aspect of
Internet governance?
------------------------------
Date: Fri, 03 Oct 2003 18:56:54 +0200
From: Alexandru Petrescu <petrescu@nal.motlabs.com>
Subject: Re: [netz] Followup on DNS regulation
Say Howard, do you think ICANN, or any body for that matter, can stop a
Verisign action when similar actions of other companies have not been
stopped at all by ICANN and no other organization body did?
IIRC, one of the original ideas for ICANN purposes was to prevent
conflicts involved by john-doe buying CocaCola domain names.
These days, anybody can buy gogole/coaccloa/your_mangle_here domain
names and still get thousands of eyeballs (equal potential money),
nothing stops anybody from doing that.
Maybe only thing that can stop Verisign do what they do is another
Verisign-like company. Maybe Google wants to offer their search service
to Verisign and eventually buy Verisign and then change back the
wildcard thing to its genuine behaviour.
I'm not being cynical and I do share many of the ideas circulated on
this list.
Alex
GBU
Howard C. Berkowitz wrote:
> It's unfortunate there was no response to earlier posts, but the
> industry response has been gathering momentum, and ICANN (see below)
> is getting much more forceful. The North American Network Operators
> Group this month (meeting along with the American Registry of
> Internet Numbers) will have a panel where Verisign is challenged.
>
>
> http://www.icann.org/correspondence/twomey-to-lewis-03oct03.htm
>
> I'm the first to say that ICANN could be much better. Nevertheless, I
> return to the question I asked in the first response to Jay: who
> _should_ be dealing with this technical and economic aspect of
> Internet governance?
>
------------------------------
Date: Fri, 3 Oct 2003 14:44:18 -0400
From: "Howard C. Berkowitz" <hcb@gettcomm.com>
Subject: Re: [netz] Followup on DNS regulation
>Say Howard, do you think ICANN, or any body for that matter, can stop a
>Verisign action when similar actions of other companies have not been
>stopped at all by ICANN and no other organization body did?
Looking at the outrage on the ISP operational lists, I think
something will happen here -- it's a survival issue for ICANN. In
parallel, the regional registries (RIPE NCC, ARIN, APNIC, LACNIC) are
putting together something that could be a replacement and/or
complement to ICANN, specifically for IP addresses rather than DNS.
Court actions against Verisign already have started, but not from
ICANN. The letter from ICANN in the URL that I gave, reading between
the lines, is a warning shot that ICANN is considering revoking
Verisign's contract.
Another industry response to Verisign's wildcards is a series of
modification to DNS software (e.g., BIND) that recognizes the
wildcard behavior and treats it as a nonexistent domain. Lots of ISPs
are putting in filters to prevent connectivity to Sitefinder.
If Verisign tries to counter these moves, they will be setting
themselves up for such things as antitrust action. Verisign people
will be on a panel at the NANOG meeting on October 19-21, and I
expect fireworks. The ARIN meeting follows NANOG, at the same site,
from Oct 22-24, and bad responses from Verisign and/or ARIN may very
well lead to even more acceleration of alternatives to ICANN by the
regional registries such as ARIN. The regional _address_ registries,
while admittedly in a less controversial area than DNS names, have
several years of responsible operation as not-for-profits.
My own feeling is that Verisign reached for far too much this time,
and the industry is gunning for them. ICANN is in a position where
it will be seen as part of the problem (and thus irrelevant) unless
it is visibly part of the solution.
>
>IIRC, one of the original ideas for ICANN purposes was to prevent
>conflicts involved by john-doe buying CocaCola domain names.
>
>These days, anybody can buy gogole/coaccloa/your_mangle_here domain
>names and still get thousands of eyeballs (equal potential money),
>nothing stops anybody from doing that.
>
>Maybe only thing that can stop Verisign do what they do is another
>Verisign-like company. Maybe Google wants to offer their search service
>to Verisign and eventually buy Verisign and then change back the
>wildcard thing to its genuine behaviour.
>
>I'm not being cynical and I do share many of the ideas circulated on
>this list.
>
>Alex
>GBU
>
>Howard C. Berkowitz wrote:
>>It's unfortunate there was no response to earlier posts, but the
>>industry response has been gathering momentum, and ICANN (see
>>below) is getting much more forceful. The North American Network
>>Operators Group this month (meeting along with the American
>>Registry of Internet Numbers) will have a panel where Verisign is
>>challenged.
>>
>>
>>http://www.icann.org/correspondence/twomey-to-lewis-03oct03.htm
>>
>>I'm the first to say that ICANN could be much better. Nevertheless, I
>> return to the question I asked in the first response to Jay: who
>>_should_ be dealing with this technical and economic aspect of
>>Internet governance?
------------------------------
Date: Fri, 03 Oct 2003 22:14:17 +0200
From: Alexandru Petrescu <petrescu@nal.motlabs.com>
Subject: Re: [netz] Followup on DNS regulation
Howard C. Berkowitz wrote:
>> Say Howard, do you think ICANN, or any body for that matter, can
>> stop a Verisign action when similar actions of other companies have
>> not been stopped at all by ICANN and no other organization body
>> did?
>
>
> Looking at the outrage on the ISP operational lists, I think
> something will happen here -- it's a survival issue for ICANN. In
> parallel, the regional registries (RIPE NCC, ARIN, APNIC, LACNIC) are
> putting together something that could be a replacement and/or
> complement to ICANN, specifically for IP addresses rather than DNS.
A-ha, good to know. I've been following ICANN's struggle for survival
(if I can say so) and saw how many factors are involved, and difficult
to deal with, when it tries to be as open as the Internet audience would
like it to be.
So, looking at a new potential effort by the registries. Is this also
oriented towards being as open to as possible to as many people as possible?
> Court actions against Verisign already have started, but not from
> ICANN. The letter from ICANN in the URL that I gave, reading between
> the lines, is a warning shot that ICANN is considering revoking
> Verisign's contract.
(Revoking? so Verisign will revoke the certificates perviously assigned
by the plaintiff's e-commerce customers :-)
Good to know.
The signs that I've seen up to now about Verisign were not that bad at
all. I might not be very well informed, but I had the impression of a
well-intentioned company, this is the first time I see something that
bad about them (well, except the other CA's stories [*]).
I think they spend lots of time and money to build this level of
credibility, and wondering about what happens if this credibility is
undermined by this action; are there any other potential players
enjoying this level, such as to potentially be given control of the root
servers.
> If Verisign tries to counter these moves, they will be setting
> themselves up for such things as antitrust action.
Ok and then look back and see what's happened to the other antitrust
cases. Of course, it was good to watch. As you say, fireworks.
> My own feeling is that Verisign reached for far too much this time,
> and the industry is gunning for them.
My own impression is that this makes so much noise only because it is so
easily visible, anyone with a browser gets to see the thing and get a
feeling of the problem. I wonder why they did it only for .com and .net
domains, it does not work for .org, .info and country-level domains.
As long as people look mainly at .com things most of the time then this
might look like a problem, indeed. But there are also many people
looking mainly at country-level or org or edu domains and they don't see
nothing.
If there were to be legal actions and such (as you say "anti-trust
cases") I think professional lawyers would have no problem defending a
useful cause for the majority of users, just as Microsoft did.
Say, what would a netizen do in this entire context?
Is a netizen hurt by a potentially helpful service?
Is a US netizen hurt by a potentially helpful service?
Is a netizen outraged by the side-effects of the commercialization of
the Internet in that private interests (and not public interests) lead
to destabilizing the overall working of the Internet? A netizen would
need to provide a palpable counter-argument of how this endangers, and
make it as visible as the advantage. This can be done, instead of
crying "wolf".
Alex
GBU
[*] speaking of CA stories. Many people complain about their security
service not being that good, and claiming more trust than what they
actually offer; at the same time I see them as the only CA that does
implement a good feature (OCSP) that I really like, and that is an IETF
standard, built and specified in the IETF style. I went to two other
large CA's and asked the same thing, they said 'wait'.
------------------------------
End of Netizens-Digest V1 #525
******************************
