Re: ICANN - Formal Complaint re Verisign

2003-09-21 Thread David Lesher



Geotrust is not Verislime, but they *are* Choicepoint.

If you don't know who Choicepoint is; well, they vacuum up
your personal data and resell it to all comers.  Google on
Choicepoint FTC for a rundown. Sort of John Poindexter's version
of Halliburton..a private sector Big Brother.

I regard Verislime vs Choicepoint as like Joey (The gang that
couldn't shoot straight..) Leonand's outfit vs. the Colombian
mobs.

Sigh, I'll be sticking with Verislime for buying certs, I guess.




-- 
A host is a host from coast to [EMAIL PROTECTED]
 no one will talk to a host that's close[v].(301) 56-LINUX
Unless the host (that isn't close).pob 1433
is busy, hung or dead20915-1433


Re: ICANN - Formal Complaint re Verisign

2003-09-18 Thread Michael . Dillon

> One thing I haven't seen mentioned in all this is the incredible business
> monopolizing effect this move will have on the TLD's in question. It
> dramatically shifts the domain playing field in Verisign's favor by pointing
> millions of potential customers to their site(s) specifically, giving them
> millions of dollars in free advertising eye-time over any of the competition

I don't see how this eye-time can be translated into millions of dollars. 
But it is clear that Verisign are making money by selling sponsored
links to people who sell spamming services and software. And it is
also clear that this redirection of traffic allows them to amass
a large database of email addresses that are current, active and
which belong to people who don't always check things carefully
before acting, i.e. the To: email address was mistyped. They could
make a lot of money selling that list of email addresses to spammers.
And they could also sell a lot of the mistyped addresses after
correcting the domain name portion by supplying the closest
matches from the .COM and .NET database. 

I wonder how anyone can continue to trust a company like this as
a certificate authority. They seem to have attracted the breed of
get-rich-quick management who want to make money by scamming
the public and selling very unsubstantial things like names (.COM)
and numbers (SSL certs). I don't pretend to believe that we can
stop fast-buck artists from running these sorts of scams but we
have to find alternative sources for SSL certs from companies 
whose business model lies squarely in the world of security and
trust. That clearly excludes Verisign.

Any company with such shoddy business practices that they
can unleash this technically flawed redirection of traffic without 
proper testing and public consultation is also a soft target
for infiltration. As was already mentioned, it is only a matter
of time before a criminal gang infiltrates Verisign and launches
man-in-the-middle attacks on the banking system. There are already
people that are specifically targeting banks by installing 
surreptitious keyloggers on computers that sniff out Internet
banking passwords. This would be far more effective if the
keyloggers were installed by a man-in-the-middle so that they
were targeted only at the intended victims.

--Michael Dillon
 

 






Re: ICANN - Formal Complaint re Verisign

2003-09-18 Thread Michael . Dillon

> If I remember correctly, Verisign person stated in an interview that
> they estimate that it will be worth up to $100M annually.

Boycott Verisign as much as possible. You can register new names 
in .BIZ or .INFO or in a country specific TLD including .US
http://www.us-register.com/faq-us.cfm

If you just cannot convince customers to stay away from the 
polluted mess of .COM then please use one of the alternative
registrars so that less of your money goes to Verisign.

And you can get SSL certs from alternative sources such as GeoTrust
http://www.geotrust.com/

If you really believe that Verisign's actions are stock manipulation
or shareholder fraud and you have some evidence to support that
belief then report it to the SEC http://www.sec.gov/complaint.shtml

If you believe that Verisign's actions have damaged your business
in any way then ask your lawyers to write a letter to Verisign
demanding that they cease and desist. If necessary, then follow
up with a lawsuit or join in a class action suit against Verisign.

Complaining on this mailing list achieves very little but there are
things that individuals and businesses can do to put their money
where their mouth is and have some real impact on Verisign.

--Michael Dillon




Fw: Re: ICANN - Formal Complaint re Verisign

2003-09-18 Thread Jerry Eyers






An interesting thought...

Jerry

Jerry,

One question - if I previously typed in an URL that was incorrect and would get the usual response from my OWN system, there would be not a real lot of data sent/received to pay for that mistake. Now that Verisign is doing their current thing, there is a lot more data being paid by ISPs across the world that shouldn't HAVE to be paid for.

So is anyone thinking of banding together the ISPs in on this formal complaint citing loss of income from this? The bigger the ISP - eg AOL - the bigger the new cost for Verisign advertising, paid at the ISP's expense because of all this. A group of ISPs all complaining should get some action you would think.

I am posting this to you as if you can use it, feel free to post it to Nanog where I have no posting rights.

Regards, Greg.










Re: Fw: Re: ICANN - Formal Complaint re Verisign

2003-09-18 Thread Miles Fidelman

Somebody pointed out, on another list, that Verisign's move is essentially
a man in the middle attack.  Which leads to the question: are they in
violation of any Federal laws - such as, say, the Patriot Act?



Re: ICANN - Formal Complaint re Verisign

2003-09-18 Thread Marc MERLIN

On Thu, Sep 18, 2003 at 11:42:19AM +0100, [EMAIL PROTECTED] wrote:
> And you can get SSL certs from alternative sources such as GeoTrust
> http://www.geotrust.com/

Bzzz, geotrust is Verisign

http://www.google.com/search?sourceid=mozclient&ie=utf-8&oe=utf-8&q=Thawte+was+bought+by+Verisign

Marc
-- 
A mouse is a device used to point at the xterm you want to type in - A.S.R.
Microsoft is to operating systems & security 
   what McDonalds is to gourmet cooking
Home page: http://marc.merlins.org/   |   Finger [EMAIL PROTECTED] for PGP key


Re: ICANN - Formal Complaint re Verisign

2003-09-18 Thread David Lesher

Speaking on Deep Background, the Press Secretary whispered:
 
 
> On Thu, Sep 18, 2003 at 11:42:19AM +0100, [EMAIL PROTECTED] wrote:
> > And you can get SSL certs from alternative sources such as GeoTrust
> > http://www.geotrust.com/
>
> Bzzz, geotrust is Verisign

And braindead. Go to that address with lynx.



-- 
A host is a host from coast to [EMAIL PROTECTED]
 no one will talk to a host that's close[v].(301) 56-LINUX
Unless the host (that isn't close).pob 1433
is busy, hung or dead20915-1433


Re: ICANN - Formal Complaint re Verisign

2003-09-18 Thread John Neiberger


 Marc MERLIN [EMAIL PROTECTED] 9/18/03 9:27:11 AM 

> On Thu, Sep 18, 2003 at 11:42:19AM +0100, [EMAIL PROTECTED] wrote:
> > And you can get SSL certs from alternative sources such as GeoTrust
> > http://www.geotrust.com/
>
> Bzzz, geotrust is Verisign
>
> http://www.google.com/search?sourceid=mozclient&ie=utf-8&oe=utf-8&q=Thawte+was+bought+by+Verisign
>
> Marc

If GeoTrust is Verisign, why do they make a big deal out of competing
with Verisign?

http://www.geotrust.com/resources/market_share/index.htm 

John
--


Re: ICANN - Formal Complaint re Verisign

2003-09-18 Thread Chris Adams

Once upon a time, Marc MERLIN [EMAIL PROTECTED] said:
> On Thu, Sep 18, 2003 at 11:42:19AM +0100, [EMAIL PROTECTED] wrote:
> > And you can get SSL certs from alternative sources such as GeoTrust
> > http://www.geotrust.com/
>
> Bzzz, geotrust is Verisign
>
> http://www.google.com/search?sourceid=mozclient&ie=utf-8&oe=utf-8&q=Thawte+was+bought+by+Verisign

Bzzt, Thawte != Geotrust.
-- 
Chris Adams [EMAIL PROTECTED]
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.


RE: ICANN - Formal Complaint re Verisign

2003-09-18 Thread Matthew Zito



As someone who has dealt extensively with GeoTrust, I can assure you, they
are not owned by Verisign.  They're a totally separate company that has the
old equifax root cert.

Thanks,
Matt

--
Matthew Zito
GridApp Systems
Email: [EMAIL PROTECTED]
Cell: 646-220-3551
Phone: 212-358-8211 x 359
http://www.gridapp.com

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Neiberger
> Sent: Thursday, September 18, 2003 11:59 AM
> To: [EMAIL PROTECTED]
> Subject: Re: ICANN - Formal Complaint re Verisign
>
> Marc MERLIN [EMAIL PROTECTED] 9/18/03 9:27:11 AM
>
> > On Thu, Sep 18, 2003 at 11:42:19AM +0100, [EMAIL PROTECTED] wrote:
> > > And you can get SSL certs from alternative sources such as GeoTrust
> > > http://www.geotrust.com/
> >
> > Bzzz, geotrust is Verisign
> >
> > http://www.google.com/search?sourceid=mozclient&ie=utf-8&oe=utf-8&q=Thawte+was+bought+by+Verisign
> >
> > Marc
>
> If GeoTrust is Verisign, why do they make a big deal out of competing with
> Verisign?
>
> http://www.geotrust.com/resources/market_share/index.htm
>
> John
> --



Re: ICANN - Formal Complaint re Verisign

2003-09-18 Thread Dominic J. Eidson

On Thu, 18 Sep 2003, Marc MERLIN wrote:

> On Thu, Sep 18, 2003 at 11:42:19AM +0100, [EMAIL PROTECTED] wrote:
> > And you can get SSL certs from alternative sources such as GeoTrust
> > http://www.geotrust.com/
>
> Bzzz, geotrust is Verisign
>
> http://www.google.com/search?sourceid=mozclient&ie=utf-8&oe=utf-8&q=Thawte+was+bought+by+Verisign

Geotrust != Thawte, thus follows that Geotrust != Verisign


 - d.

-- 
Dominic J. Eidson
Baruk Khazad! Khazad ai-menu! - Gimli
---
http://www.the-infinite.org/  http://www.the-infinite.org/~dominic/



Re: ICANN - Formal Complaint re Verisign

2003-09-18 Thread Valdis . Kletnieks
On Thu, 18 Sep 2003 09:59:27 MDT, John Neiberger [EMAIL PROTECTED]  said:

> If GeoTrust is Verisign, why do they make a big deal out of competing
> with Verisign?

And Chevy competes with Pontiac and Buick.  Your point?




RE: ICANN - Formal Complaint re Verisign

2003-09-18 Thread Gerald


On Thu, 18 Sep 2003, Matthew Zito wrote:

> As someone who has dealt extensively with GeoTrust, I can assure you, they
> are not owned by Verisign.  They're a totally separate company that has the
> old equifax root cert.

Agreed. I used Equifax before they handed off to Geotrust. Both have done
a good job and are less painful (& less expensive) to deal with than
VeriSign. I've never had to interact with either beyond purchasing single
web certs at a time though.

Gerald

- How are ya? Never been better, ... Just once I'd like to be better.


Re: ICANN - Formal Complaint re Verisign

2003-09-18 Thread Marc MERLIN

On Thu, Sep 18, 2003 at 11:11:12AM -0500, Dominic J. Eidson wrote:
 
> On Thu, 18 Sep 2003, Marc MERLIN wrote:
>
> > On Thu, Sep 18, 2003 at 11:42:19AM +0100, [EMAIL PROTECTED] wrote:
> > > And you can get SSL certs from alternative sources such as GeoTrust
> > > http://www.geotrust.com/
> >
> > Bzzz, geotrust is Verisign
> >
> > http://www.google.com/search?sourceid=mozclient&ie=utf-8&oe=utf-8&q=Thawte+was+bought+by+Verisign
>
> Geotrust != Thawte, thus follows that Geotrust != Verisign

note to self:
1) wake up
2) read Email

(you are of course correct)

Marc
-- 
A mouse is a device used to point at the xterm you want to type in - A.S.R.
Microsoft is to operating systems & security 
   what McDonalds is to gourmet cooking
Home page: http://marc.merlins.org/   |   Finger [EMAIL PROTECTED] for PGP key


Re: ICANN - Formal Complaint re Verisign

2003-09-18 Thread George William Herbert


Michael Dillon wrote:
> Complaining on this mailing list achieves very little but [...]

It did one useful thing; it gave a wide number of operators across
the ISP and infrastructure industries a chance to see what was
happening and put in their two cents.  My initial impression was
that the wildcard was amazingly bad for a number of reasons,
but based on my own impression alone I am unlikely to launch
complaints to a wide range of regulators and congresspeople.

It is now quite clear that nobody in the industry has seen fit
to respond to the Verisign actions as anything defensible at the
technical or policy levels.

So my opinion goes from being my two cents to a consensus;
and I will act in those external arenas based on what I see
as a sufficiently wide consensus...


-george william herbert
[EMAIL PROTECTED]



ICANN - Formal Complaint re Verisign

2003-09-17 Thread Matthew Richardson

Please find below a copy of a formal complaint I have made to ICANN today 
regarding Verisign's wildcard change of yesterday, which may be of 
interest to members of this list.

The text is also available at:-
http://www.itconsult.co.uk/misc/icann17sep2003.htm

Best wishes,
Matthew



From: Matthew Richardson
To: Tina Dam
Subject: {18876} Formal Complaint - .com & .net wildcards cause Internet destabilisation
Date: Wed, 17 Sep 2003 20:46:54 +0100
Organization: I. T. Consultancy Limited, Jersey

-BEGIN PGP SIGNED MESSAGE-

{ref: 18876}

To: The Internet Corporation for Assigned Names and Numbers (ICANN)
For the attention of: Tina Dam

I refer to our telephone conversation of yesterday morning relating 
to the very recent addition of wildcard records to the .com & .net 
GTLDs by Verisign.  My purpose in writing, as we discussed, is to 
make a formal complaint to ICANN regarding Verisign's actions, and 
furthermore to formally request ICANN to instruct Verisign to remove 
these wildcard records with immediate effect, subject only to their 
possible reinstatement following an appropriate period of 
consultation.

This complaint is being made in the public interest.  Specifically it 
is that the CHANGE in behaviour within two of the largest Internet 
TLDs is likely to cause serious difficulties in a number of areas.

The inevitable consequence of these CHANGES is that many businesses 
and users involved with .com & .net domains (quite a sizeable 
proportion of the Internet) will be involved in varying degrees of 
unforeseen inconvenience, failure and expenditure.  Such unexpected 
disruption and expense seems, at the very least, somewhat inequitable 
to those on the receiving end, all the more so in the absence of any 
notice from Verisign.

This is clearly a destabilising effect on a very significant portion 
of the Internet as a whole, which seems to be at some variance with 
ICANN's ongoing responsibilities as described in your announcement of 
today http://www.icann.org/announcements/announcement-17sep03.htm, 
which states "The MoU highlights ICANN's responsibility to ensure the 
stability of the Internet."

There may be many additional (and perhaps compelling) reasons why 
others might suggest that change is not good, predominantly from a 
privacy and data protection perspective.  However this complaint 
deals solely with the issues of the failures caused by the unexpected 
change and the cost of correcting them.

The change appears to have been announced by Verisign yesterday and I 
have seen references by them in public to the documents:-

  http://www.verisign.com/resources/gd/sitefinder/implementation.pdf
  http://www.verisign.com/resources/gd/sitefinder/bestpractices.pdf

The former, dated 27 August 2003, describes their wildcard 
implementation, citing its conformance with their latter document, 
which is dated 09 September 2003.  Whilst the lay reader might assume 
that this latter document represents some form of approved Internet 
standard, nothing could be further from the truth.

The following are merely a very few examples of the sorts of issues 
which will cause failures and which will cost money to fix:-

(a) Unsolicited commercial email (colloquially known as spam), is a 
serious (and increasingly serious) problem.  Many email servers 
incorporate anti-spam protections.  One commonly used method is to 
perform a DNS check on the sender domain prior to continuing to 
accept the message.  If it does not exist, the email is not accepted, 
being either delayed or permanently rejected.  At a low level, this 
is done by issuing a DNS query for the sender domain and checking for 
the presence of MX or A records.  Verisign's changes will cause this 
mechanism to fail for all non-existent .com or .net domains.
 
(b) Verisign have installed software which answers on SMTP port 25 on 
the IP address returned as the A record.  This software, which 
purports to be an email server, is not even remotely compliant with 
rfc2821, the current standard for SMTP email.  It is clearly designed 
to receive email connections and reject the messages, although it 
remains unclear what difficulties its gross non-compliance will 
cause.  As an aside, its ability to capture sender addresses (and, 
should it wish in the future, whole email messages) is most 
likely to cause significant concern to those of a privacy protection 
persuasion.

(c) There are likely to be many applications and services around the 
Internet, which utilise the results of DNS lookups to test the 
existence of domains under .com & .net, a method which has worked 
correctly since the creation of these TLDs long long ago.  Many of 
these applications will belong to those involved in the domain 
registration business.  The addition of wildcard records will cause 
all such applications to fail.  This appears to be clearly understood 
by Verisign, who state in the latter document referred to above 
It is important to 
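
Item (a) of the complaint above, sketched as an added example that is not part of the original message: a sender-domain check that accepts on MX or A records, how a TLD wildcard defeats it, and a variant that probes random labels to recognise wildcard-synthesized answers. The zone data, the resolver and the address `192.0.2.11` are constructed placeholders so the code runs offline.

```python
import secrets

# Constructed zone data (not real DNS): registered names and their records.
REGISTERED = {
    "example.com": {"MX": ["mail.example.com"], "A": ["198.51.100.10"]},
    "shop.example.net": {"A": ["198.51.100.20"]},
}
WILDCARD_A = "192.0.2.11"  # placeholder for the address a TLD wildcard returns


def make_resolver(wildcard_tlds=()):
    """Return query(name, rtype) -> list of records; [] means NXDOMAIN or no data."""
    def query(name, rtype):
        name = name.lower().rstrip(".")
        if name in REGISTERED:
            return list(REGISTERED[name].get(rtype, []))
        tld = name.rsplit(".", 1)[-1]
        if rtype == "A" and tld in wildcard_tlds:
            return [WILDCARD_A]  # synthesized answer for any unregistered name
        return []
    return query


def naive_sender_check(domain, query):
    """The check from item (a): accept if the sender domain has MX or A records."""
    return bool(query(domain, "MX") or query(domain, "A"))


def wildcard_addresses(tld, query, probes=3):
    """Look up random labels that will not be registered; any A answers they
    receive are wildcard-synthesized addresses for that TLD."""
    found = set()
    for _ in range(probes):
        found.update(query(f"{secrets.token_hex(16)}.{tld}", "A"))
    return found


def hardened_sender_check(domain, query):
    """Accept on MX; accept on A only if the answer is not purely wildcard addresses."""
    if query(domain, "MX"):
        return True
    answers = set(query(domain, "A"))
    if not answers:
        return False
    tld = domain.rstrip(".").rsplit(".", 1)[-1]
    return not answers <= wildcard_addresses(tld, query)


if __name__ == "__main__":
    before = make_resolver()                 # TLD behaviour without the wildcard
    after = make_resolver(("com", "net"))    # TLD behaviour with the wildcard
    for label, q in (("no wildcard", before), ("wildcard", after)):
        for dom in ("example.com", "exmaple.com", "shop.example.net"):
            print(label, dom, naive_sender_check(dom, q), hardened_sender_check(dom, q))
```
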

ICANN - Formal Complaint re Verisign

2003-09-17 Thread Jerry Eyers


One thing I haven't seen mentioned in all this is the incredible business
monopolizing effect this move will have on the TLD's in question. It
dramatically shifts the domain playing field in Verisign's favor by pointing
millions of potential customers to their site(s) specifically, giving them
millions of dollars in free advertising eye-time over any of the competition
  
 
Jerry
 
 



Re: ICANN - Formal Complaint re Verisign

2003-09-17 Thread Petri Helenius
Jerry Eyers wrote:

> One thing I haven't seen mentioned in all this is the incredible business
> monopolizing effect this move will have on the TLD's in question. It
> dramatically shifts the domain playing field in Verisign's favor by pointing
> millions of potential customers to their site(s) specifically, giving them
> millions of dollars in free advertising eye-time over any of the competition
 
 

If I remember correctly, Verisign person stated in an interview that
they estimate that it will be worth up to $100M annually.

Pete




Re: ICANN - Formal Complaint re Verisign

2003-09-17 Thread E.B. Dreger

PH Date: Thu, 18 Sep 2003 00:50:18 +0300
PH From: Petri Helenius


PH If I remember correctly, Verisign person stated in an
PH interview that they estimate that it will be worth up to
PH $100M annually.

I'm willing to suffer that sort of burden to, uh, help make the
Internet a better place.  Where do I sign up?


Eddy
--
Brotsman & Dreger, Inc. - EverQuick Internet Division
Bandwidth, consulting, e-commerce, hosting, and network building
Phone: +1 785 865 5885 Lawrence and [inter]national
Phone: +1 316 794 8922 Wichita
_
  DO NOT send mail to the following addresses :
  [EMAIL PROTECTED] -or- [EMAIL PROTECTED] -or- [EMAIL PROTECTED]
Sending mail to spambait addresses is a great way to get blocked.



Re: ICANN - Formal Complaint re Verisign

2003-09-17 Thread Rachael Treu

So...what, if anything, has been heard along the lines 
of feedback/defense/repartee/retort/explanation/spin 
doctoring/screams of terror from Verisign under the 
crushing weight of this solid ochlocratic beatdown?

Given the below, was wondering if anyone, conversely, 
has heard any ardent professions on Verisign's part of 
commercial or vendor agnosticism or assurances of this 
being for our own good?

(Aside from the Terms of Use rhetoric on the sitefinder 
page, that is...)

Honesty is the best policy, but insanity tends to be a 
better defense.  (Not sure where commercial motivation 
falls in that regard...)

--ra

-- 
K. Rachael Treu, CISSP rara at navigo dot com
..sic itur ad nauseum..

On Wed, Sep 17, 2003 at 10:05:04PM +, E.B. Dreger said something to the effect of:
 
> PH Date: Thu, 18 Sep 2003 00:50:18 +0300
> PH From: Petri Helenius
>
> PH If I remember correctly, Verisign person stated in an
> PH interview that they estimate that it will be worth up to
> PH $100M annually.
>
> I'm willing to suffer that sort of burden to, uh, help make the
> Internet a better place.  Where do I sign up?
>
> Eddy
> --
> Brotsman & Dreger, Inc. - EverQuick Internet Division
> Bandwidth, consulting, e-commerce, hosting, and network building
> Phone: +1 785 865 5885 Lawrence and [inter]national
> Phone: +1 316 794 8922 Wichita
> _
>   DO NOT send mail to the following addresses :
>   [EMAIL PROTECTED] -or- [EMAIL PROTECTED] -or- [EMAIL PROTECTED]
> Sending mail to spambait addresses is a great way to get blocked.




Re: ICANN - Formal Complaint re Verisign

2003-09-17 Thread Valdis . Kletnieks
On Wed, 17 Sep 2003 22:05:04 -, E.B. Dreger [EMAIL PROTECTED]  said:

> PH If I remember correctly, Verisign person stated in an
> PH interview that they estimate that it will be worth up to
> PH $100M annually.
>
> I'm willing to suffer that sort of burden to, uh, help make the
> Internet a better place.  Where do I sign up?

Last I checked, Verisign wasn't a 501(c).  Draw your own conclusions.

