Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 


Forgot your password?
Close
typodupeerror
×
The Internet IT

Verisign Recommended to Keep .com & .net 147

Posted by samzenpus from the it's-mine-now dept.
An Anonymous SAIC Employee writes "The 'independent' company hired by ICANN to advise them on who should run the .com and .net registry has recommended that Verisign (fact sheet) should be chosen to continue to run the registry. Is it any surprise? Telcordia was owned by SAIC (Fact Sheet) during the time the study was conducted. SAIC bought Telcordia (fact sheet) (then Bellcore) in Nov. 1997 and sold it March 15, 2005. Network Solutions was bought by SAIC in 1995 and sold in 2000. Also, Telcordia worked with Verisign on the ENUM project. Is the fox guarding the hen house?"
This discussion has been archived. No new comments can be posted.

Verisign Recommended to Keep .com & .net More

Verisign Recommended to Keep .com & .net

Comments Filter:
  • Um, what exactly does this change?

    Right. Nothing. Just checking.

  • Oh no! (Score:5, Interesting)

    by SteelV ( 839704 ) on Wednesday March 30, 2005 @08:59PM (#12095826)
    "VeriSign's clumsy, unilateral attempt to hijack the DNS space through its SiteFinder wildcard service (and its goofy FUD-filled management statements since) proves that profiteering decisions can -- and do -- endanger the Internet more than any hacker or computer attack. It also proves once again that the Internet community -- ISPs, developers, engineers, and other experts -- can come together to effectively and quickly counter corporate, not just criminal, attacks on the network infrastructure - and we owe them our thanks."

    http://padawan.info/web/verisign_bad_citizen_of_th e_net.html [padawan.info]

    Why don't they get that diversity is a *Good* thing? Switch it up every few years, to keep these guys on their toes and not let them get too comfortable/corrupt.

    • Re:Oh no! (Score:2, Interesting)

      by TheKidWho ( 705796 )
      Sort of interesting, how about making it democratic? Vote for the company to do it every 2 years.
    • Switch it up every few years, to keep these guys on their toes and not let them get too comfortable/corrupt.

      Oh, you mean like the Presidentcy?
      • That assumes that either of the two parties that stand a chance of winning in the US are different in any noticable way.
    • Why don't they get that diversity is a *Good* thing? Switch it up every few years, to keep these guys on their toes and not let them get too comfortable/corrupt.

      If the switch is considered arbitrary, then that will kill off the incentive to improve. Why stay on your toes if the the election is not based on merit?

    • ohthankgod (Score:3, Insightful)

      by rs79 ( 71822 )
      1) Sitefinder: At the time NSI did this two doezen other cctlds did this. NSI's point was "hey, either we can all do it or nobody can". That doesn't seem unreasonable to me.

      2) .net rebid: Have a look inside all the facilities that bid on .net and tell me you'd have picked someplace else. I dare you.

      3) Location location location: Like the US govt was gonna let .net outside the the borders of the US. Good one.

      Frankly I sleep a bit more easy about my 3 .net names now. (Hows that funky .org whois workin out

  • heh (Score:5, Funny)

    by DiscoOnTheSide ( 544139 ) <ajfili@NoSPAm.eden.rutgers.edu> on Wednesday March 30, 2005 @09:00PM (#12095836) Homepage
    something tells me the guy who wrote that is a champ at "5 Degrees from Kevin Bacon" :P

  • Technocrat had the story yesterday ... (Score:3, Informative)

    by xmas2003 ( 739875 ) * on Wednesday March 30, 2005 @09:02PM (#12095857) Homepage
    Technocrat had this story yesterday [technocrat.net] - probably have a bit more discussion about it on Slashdot, but we'll have to see about the signal-noise ratio ... ;-)

  • Exactly... (Score:4, Insightful)

    by ral315 ( 741081 ) on Wednesday March 30, 2005 @09:03PM (#12095858)
    Why would we honestly expect any different? Anyone who actually read into the situation expected VeriSign to get the contract, and it looks as if that's what's going to happen now.

  • Whats all the fuss about? (Score:4, Interesting)

    by FiReaNGeL ( 312636 ) <fireang3l.hotmail@com> on Wednesday March 30, 2005 @09:03PM (#12095863) Homepage
    Last time I checked, .com and .net domains costed a whole 10 bucks to register.

    Why all the fuss about who should administer these? Is it doing any difference if it's Big Corporation A or B?

  • Depends on what their contract says (Score:5, Insightful)

    by dmoen ( 88623 ) on Wednesday March 30, 2005 @09:03PM (#12095864) Homepage
    I wouldn't mind this, if Verisign's contract was amended to prohibit domain-typo hijacking, and more generally, to require them to remain compatible and RFC compliant. And I would want those same contract provisions regardless of who runs .com and .net.

    Doug Moen
    • Yeah, but the problem here is they serve both as a registrar and keeper of the registry. The only way to get rid of this problem is to split the two functions and prohibit one single company from doing both job functions. Kind of like the U.S. Mint - if you don't know how to make the paper *AND* the ink then you can't print your own money (unless you own a laser printer :-)
    • But if there are other companies who want the contract, why not give it to one of them instead of to a company with a proven track record of misdeeds and dishonesty.
    • The contract wasn't amended. Fortunately, Bind and most other fully capable DNS servers were tweaked to disallow this nonsense within days of Verisign trying it. Unfortunately, it's the little home and small network setups of DNS that will suffer from the re-routing when Verisign tries it againi.

      Remember, that little stunt gave Verisign not only lots of salable traffic data about mistyped URL's, but it allowed them to route other people's mis-addressed email to their own mail servers. The stunt was very na
  • it's just no-bid contracts.

    SNAFU.

  • Uh oh (Score:3, Insightful)

    by ravenspear ( 756059 ) on Wednesday March 30, 2005 @09:04PM (#12095879)
    Something tells me the submitter of this story is in violation of his NDA. Maybe he should start looking for a new employer.

  • What am I missing? (Score:3, Funny)

    by The Amazing Fish Boy ( 863897 ) on Wednesday March 30, 2005 @09:05PM (#12095885) Homepage Journal
    Is SAIC the 'independent company'? Who's the fox? What henhouse? I'm not sure who's doing what, here.

  • Not surprising (Score:3, Insightful)

    by Jailbrekr ( 73837 ) <jailbrekr@digitaladdiction.net> on Wednesday March 30, 2005 @09:06PM (#12095902) Homepage
    Virtually every company in the IT world is connected to each other. Its like a big stupid beowulf cluster of beaurocracy that uses IPX instead of IP for its communciation protocol.

    Welcome to the techo-appalachians, where everyone is related to everyone else in some manner.

  • So What (Score:4, Insightful)

    by pHatidic ( 163975 ) on Wednesday March 30, 2005 @09:10PM (#12095930)
    This is just a recommendation. I have full faith that Joi Ito [ito.com] and the rest of the board will make the best decision when the time comes.
  • It seems like The Story always hits Slashdot a few days or months after it actually happens.

    But...

    Actually, obnoxious posing and behavior not withstanding, NetSol does in fact have the most solid infrastructure to insure solid .net and .com DNS. Yes, it's sad. But, it's true.

    • Actually, obnoxious posing and behavior not withstanding, NetSol does in fact have the most solid infrastructure to insure solid .net and .com DNS. Yes, it's sad. But, it's true.

      Yes, but that doesn't mean they aren't the only one overly qualified to do so. Running the DNS isn't rocket science, as much as people would like you believe. There are many entities with enough technical clue to do so. Some of them even bidded against VeriSign.

      • Re:NetSol (Score:3, Insightful)

        by cpghost ( 719344 )

        Running the DNS isn't rocket science

        Yes, indeed. The whole registry infrastructure could be put up together from open source components that already exist. The servers could be secured and managed just like every other servers. There's nothing at all magical about it.

        The real challenge for a registry is not technical. It is a major administrative and legal undertaking. One person was able to manage the whole .za domain from their basement, but .com and .net are a little bit larger and a tad more volat

  • Time for another ICANN meeting in an exotic locale (Score:1, Funny)

    by Anonymous Coward
    This sounds like an important issue. We should fly ICANN officials to another exotic destination!

  • Well, of course (Score:2, Funny)

    by Anonymous Coward
    Wasn't the dot-com boom the veri sign of .NET coming in the first place?

    *ducks*

  • Simple question: If not them... (Score:4, Insightful)

    by dark-br ( 473115 ) on Wednesday March 30, 2005 @09:30PM (#12096069) Homepage
    who else?

    If there's not another option that is *much* better then the current one why bother? Keep in mind that a change like this could result in a *real* mess.

    • If there's not another option that is *much* better then the current one why bother?

      EFF? W3C? IETF?
      True, it's not their forte, but if any of them were willing to take it on...
    • who else?

      Anyone.

      Keep in mind that a change like this could result in a *real* mess.

      Ahhh, so you've never personally dealt with them. OK, here's the short answer for people who've never experienced that dishonor:

      It would be darn nigh impossible to screw up anything worse than Verisign. They are absolutely, positively the worst "the problem must be on your end" pack of frickin' screwups ever to bungle network management. Network Solutions? Only if the problem is "I have too much money and time - please help me blow it on getting my domain back from the hijacker you gave it to without asking me first". I would give the job to Microsoft before I'd willingly let Verisign have another crack at it, and that's not something I'd say lightly. If they built cars, people would have died in the Verisign Pinto. They're the New Coke of networking, and I'd swear Terry Gilliam had a crystal ball and based "Brazil" around their bureaucracy.

      It. Can't. Get. Worse. This is it. You're looking at it. The lowest common denominator is carrying the treasure. People hate them so much that they built entire alternative DNS hierarchies to fix the theoretical disasters that Verisign somehow managed to drag to life. I'd buy a SCO Linux license before I'd pay Verisign to register another domain.

      • I'd buy a SCO Linux license before I'd pay Verisign to register another domain.

        Sorry to disappoint you, but if you own any .net or .com domain, you are already paying Verisign for it. Even if you registered with another registrar. All registrars (worldwide) pay a fee to the registry operator, which is for .com and .net Verisign. Verisign have a (apparently crappy) registrar business too, but that is not to be confused with the registry operation business.

        • Sorry to disappoint you, but if you own any .net or .com domain, you are already paying Verisign for it.

          I realize that, but it's the smallest payment possible under the circumstances. That's still a lot better than cutting them a check directly, although I really wish they weren't getting a penny of my money.

      • My personal favorite was the impossibility of getting them to transfer a domain I had registered, for which I was the primary contact, to another party. Then when I tired of that, I tried to simply delete the registration, and found I couldn't persuade them to do that either.

        They are incompetent buffoons. The only explanation I can think of is that they must have hired all their staff from the phone company.
    • DENIC comes to mind, they're running the second largest registry database world-wide after .com; they should be able to do it.

      • DeNIC? Under which jurisdiction? If they operate under German laws, some US domains will have to be purged from the registry. If ICANN, a US company, is really going down this route, they'll be submerged with law suits seeking damages. Is this really something they would want to expose themselves to?

  • As I posted to this same topic on technocrat... (Score:4, Insightful)

    by the_rajah ( 749499 ) * on Wednesday March 30, 2005 @09:38PM (#12096111) Homepage
    yesterday.. "Verisign is right up there with MS and Intuit in my list of evil corporations. All the dealings I've had with Verisign / Network Solutions as a registrar have been nothing but a huge hassle. Please get someone who we can trust. I don't use them at all any more. Godaddy is a LOT less expensive and their telephone support is nothing short of wonderful. Disclaimer: I have no financial interest in Godaddy, but I do have some 90 domains happily registered with them.

    "Do the Right Thing. It will gratify some people and astound the rest." - Mark Twain
    • I don't have a lot of domains, but just one. Some time ago I had a provider who would not follow due process with the network solutions email transfer. I called the ISP and eventually they said they only do such things under written order.

      This was silly... I had things already in place with the new provider and it was causing issues. Even discussing it with admin reached no solution. Finally, I told him I'm just going to forcibly yank control from them.

      Beyond the whole faxing and charging for immediate se

  • Cowardice (Score:3, Informative)

    by Doc Ruby ( 173196 ) on Wednesday March 30, 2005 @09:43PM (#12096144) Homepage Journal
    SAIC might be crazy for hens like a fox. But who is this "An Anonymous SAIC Employee"? There's Slashdot UserID [slashdot.org] like that. Sure, the facts and interpretations of this incestuous relationship stand on their own (possible) merits. But what else is going on with this Slashdot story? Are we all just being used as a propaganda market again, in another infowar between rivals for the same government contract?

    • Re:Cowardice (Score:3, Interesting)

      by geminidomino ( 614729 ) *
      It could just be that the whistleblower doesn't want to be outed just yet...
      • Yes, it could be. But it could be anything. Actual whistleblowing requires some accountability. Publishing whistleblower claims requires accountability, too. The best-known example of secret whistleblower, Watergate's "Deep Throat", was identified by Woodward and Bernstein to their editors at the Washington Post. Which had credibility (at that time) in assuring the public that the person was real, and credible themself. Slashdot does not have anything like that credibility, and has not even indicated that t
        • True, but it may not be TIME yet. If the whistleblower gets outed and fired now, what else may happen after he's gone and there's no one else to leak it?

          Despite the protestations of the "only criminals have something to hide" crowd, anonymity does have its uses.
          • MAYBE. The whole point is that there are many possible explanations of this "leak", only one (or a few) of which are on the level, Many others are simply competition, and others are misunderstandings or miscommunications. As I first mentioned, the facts bear investigation. This isn't even a "leak", as no secret info has been revealed - just an unusual insight about the potential cronyism evident in public info about the transactions. But whistleblowing is very complex, balancing secret identity info, propri
            • Hey, I'm not disagreeing that we should take this (and pretty much anything on slashdot) with a rather generous helping of salt.

              My main disagreement was the implication, possibly misread on my part, that ANYONE whistleblowing under anonymity was a coward.
              • Well, I didn't imply that, and my citation of Deep Throat certainly implies the value of anonymous whistleblowers. But I did explicitly state the dubious nature of anonymous testimony, even when the facts are public. My own reaction to the anonymity is conditioned by the many journalists currently reporting pure propaganda when citing anonymous govenment and corporate "sources". Without validating the stories, without even knowing where the info is coming from (and therefore where it might be going). That k

  • Why is this still centralized? (Score:5, Insightful)

    by MrDomino ( 799876 ) <mrdominoNO@SPAMgmail.com> on Wednesday March 30, 2005 @09:51PM (#12096205) Homepage

    I honestly find it hard to believe that a single entity can maintain control over such a large part of the Internet for so long a time; in the net's early days, a centralized domain registry might have been acceptable, being that it was a small thing and the overhead to implement anything more advanced would've outweighed the benefits. Now, though, with the Internet the size it is, I honestly think that something better needs to be in place: get rid of this central-domain-registry crap. Whoever's in charge of it--Verisign, Microsoft, even Google--is going to profiteer to some extent, simply because that is what companies do.

    If you ask my opinion, a decentralized system would make much more sense here. Store addresses in a Kademlia [infoanarchy.org] network or something; allow anybody to register a domain name, and it'll propagate as it's accessed. With a PGP-like trust system implemented, there need not be a central registry anywhere. The only way to prevent abuse of such a large monopoly is to prevent any single entity from controlling it, and the only way to do that is to decentralize the process.

    • Decentralization comes with its pros and cons. Amongst the feudal corps its in more of a "trustworthy" hand than in just anybody/everybodys.

      when i hear "the only way to do that is to decentralize the process" i think of p2p.. sure its nice, it will live long & prosper. but its easy to taint.

      "allow anybody to register a domain name, and it'll propagate as it's accessed." sorta reminds me of irc channels, sure you can reg it, but guess what. who the hell do you complain to when there are no IRCops to co

      • Amongst the feudal corps its in more of a "trustworthy" hand than in just anybody/everybodys.

        So you're saying you'd rather have a group of complete strangers whose only motivation to protect your rights is to avoid getting in trouble control what websites go where than a group of your own self-selected, trusted friends (a la PGP)?

        when i hear "the only way to do that is to decentralize the process" i think of p2p.. sure its nice, it will live long & prosper. but its easy to taint.

        You're thinking of pr

        • So what if somebody from community A wants to see community B's content? Will B have to have a second domain for "outisders"? Claiming that conflicts aren't a problem because nobody would want to see both sites is incredibly shortsighted.

          • Good point; I suppose, then, there'd have to be some better form of collision resolution in place. This might not be easy to do, but there are certainly ways of solving it, and tossing the entire idea out the window on the grounds that the current vastly corrupted and outdated system is "good enough" is even more shortsighted.

    • Not very insightful.. (Score:3, Insightful)

      by beldraen ( 94534 )
      First of all, there is more to domain names than just registering a name. You obviously believe in first come first serve, but the American economy is not a free economy. It has command elements to protect against fraudulent acts, malicious content, and trademark disputes. Secondly, a decentralized system only works on the merits of the people wanting it to work. Just look at Kazaa and the music war there. Most of the music is poisoned. Do we really want domain name wars when one hot-headed tech gets

      • I hardly believe in first come, first serve--which, incidentally, is closer to the current centralized domain registration system than to a well-implemented decentralized one. The domain will resolve to whichever address is most appropriate based on the answers given and the trust ratings of the answering computers; this way, rather than having a single centralized mish-mash of domains like foobarbaz123.com, communities can form around sets of domains pertinent to themselves.

        This would not function at all

        • I respectfully disagree it is not first-come. After all, if I find out about your company first before you are ready to advertise, there is no central authority to stop me. The whole point of internet is to know that I got to the place that I intented to get; otherwise, it is man in the middle issues.

          As for trust for peers is really trust for who has the larges set of associates. Just look at all the work google has to constantly go through to attempt to prevent people from uping thier page ranking.

          I s

    • Re:Why is this still centralized? (Score:2, Insightful)

      by Anonymous Coward
      The central registry you're thinking of is the ROOT SERVERS, which are controlled by a cabal, the same way they always were, just like Usenet. Anyone can create a set of root servers, but in practice just about everyone agrees on the same set, and that's the set your local DNS server has cached.

      Verisign just controls a few non-ccTLDs, which would be irrelevant but for the fact that people like you can't distinguish them from the root, and so insist that they somehow represent the whole Internet, rather tha
    • Two words: domain squatting. If names were free, what would stop someone from writing a script that generated and registered names as fast as their network connection would allow? If the system doesn't allow duplicates then a single squatter can register all trademarks and dictionary words in a matter of seconds; if duplicates are allowed then names are longer a convenient, reliable way of referring to a particular machine, and the system is worse than useless because of the possible abuses. Namespaces have

  • Does it have to be one company? (Score:5, Interesting)

    by mi ( 197448 ) <slashdot-2017q4@virtual-estates.net> on Wednesday March 30, 2005 @10:26PM (#12096417) Homepage Journal
    It currently works on the hierarchical basis, right? So all .com must be under the same "roof".

    With little effort, the system can be modified to ask a different set of "root" servers based on some simple formula on the domain-name. Like, sum up all letters of the name and % by the number of competitors.

    Then we'll be able to measure the efficiency of each contender -- number of failures, average response time, &c. and compare them.

    Or am I totally wrong? Any DNS gurus here?

    • It currently works on the hierarchical basis, right? So all .com must be under the same "roof".

      I don't think this is the case. There are several root servers that answer for the .COM top level domain. These are A.GTLD-SERVERS.NET, B.GTLD-SERVERS.NET etc. There isn't just one server.

      The IP addresses for all those root servers belong to Verisign, but I don't see why "A" can't be Verisign, "B" can be someone else, etc. Maybe one downside would be more difficult synchronization between all those servers,

      • Except all the .com servers simply replicate from the .com master, which is run by VeriSign.

        AFAIK, no one has figured out how to have multiple registries for a single domain.

        • Except all the .com servers simply replicate from the .com master, which is run by VeriSign.

          And "under my plan", they'll replicate from several servers -- what's the big deal?

          AFAIK, no one has figured out how to have multiple registries for a single domain.

          Well, I'm offering a way -- a simple hash of the domain name requested. Such as summing up all letters' ASCII values and % the result by the number of contenders. Only the root-servers' software needs to be modified for this.

      • Verisign does not own all the root servers. That would be insane; they would have the entire Internet by the nads (don't they wish). The root servers are spread around the world, though most of them are in the USA. See here. [root-servers.org] The purpose of the root servers is to direct queries to the correct TLD (top level domain) server depending on the TLD of the query. All DNS servers need to know the ip addresses of the root servers, and the root servers take it from there

        Verisign owns the .com and .org TLD server

    • But under that scheme there would still be one company for any particular domain. So if you want to register, say, slashdot.com, you still wouldn't have a choice.
      • True, but objectively comparing the competitors would become possible. Currently Verisign can respond to any criticism with: "Well, nobody can do it any better."

        Nobody -- including Verisign themselves -- knows, whether this is true or not. With my method objective metrics can collected and minimum standards imposed.

        As for changing, my simple formula will force automatic reshuffle of all domains any time another competitor enters the fray.

    • I am not a DNS guru, but yes, you are totally wrong. DNS is embedded in so many machines and is already such a complex standard, that it is impossible to change something so fundamental and have it work. Even adding something like DNSSEC took more than 10 years (and some broken attempts) before we reached the standard (just happened).

      Basically, it has to be 1 company. Since delegations are on label boundaries. There is no way to get around that, unless you want to develop a new DNS-alike protocol and get e
      • Actually, some of the other posts in this thread have hit on an idea - a 1-off registry.

        You register a .com DNS address with one or more registars. An ICANN-run server combines all this into a single database (they own the master registry). Then, a subcontracted set of servers replicate that master database, and those are the ones that are pointed to as the DNS servers for .com.

        ICANN owns the key piece of infrastructure - the master domain list. However, the hardware for this needs only be moderate and
        • You mean the current setup? Where ICANN has a company (registry) manage the master server, which gets updated through registrars, who are multiple companies handling the registration of domain names under the particular TLD that the company/registry is chosen for. (in this case .com)

          There is a reason that ICANN has outsourced the infrastructure management of the TLDs. It simply does not have the resources to do it itself, nor the legal background to handle ccTLDs.

          CC
          • You described the current setup - not my proposed one.

            The main difference would be that ICANN would maintain the master server - but that server would not be reachable by anything other than the replica DNS servers and the registrars. You could run that on a Athlon over a T1 line.

            The current setup puts the master server in the hands of Verisign, as well as all the replica DNS servers. I would propose breaking that part up. They could be a registrar, and they could run some replica servers, but they wou
      • DNS is embedded in so many machines and is already such a complex standard, that it is impossible to change something so fundamental and have it work.

        Unlike DNSSEC, my plan only requires modifications to the root-servers' software, which, I'm sure, is already heavily modified and customized. And it does not have to happen in one instant either -- those servers can be updated gradually.

  • I don't get it (Score:5, Interesting)

    by Flibberdijibbit ( 871844 ) on Wednesday March 30, 2005 @10:56PM (#12096586)
    Why would ICANN, the org that flogged Verisign over the Sitefinder fiasco, hire a company with ties to Verisign? I don't get it. The biggest problem getting anyone to notice is that the vast majority of the Internet population simply saw Sitefinder as a page that came up when a domain was typed in wrong. What most people don't know is that *every* unknown request for a domain was forwarded to Verisign's servers. Most disturbing in my mind (maybe because I'm an email admin) is SMTP connections went through to their servers. And if I remember correct, they accepted the entire conversation. Headers and message body. They then returned a 5xx level NDR back to the sender. They 'say' they weren't collecting data, but come on, at the very least, they had access to know good sender addresses. What corp wouldn't keep track of that goldmine of information??
  • Pay me big $$ and I'll happily report that Verisign should not be permitted to keep .com and .net. And I'll finish that report in world-record time!
  • is it just me or is the headline to this story simmilar to saying "bill gates lovers open source, because he worked with steve jobs, who loves company x, who donated to company y, who pressed a law suite aganst sco, for alleged copyright infringment, because sco is suing linux users, who it claims stole their code."?

  • Perhaps that's because current competitors and bidders like, say, DeNIC [denic.de] and others are not really desirable from a technical, legal and political point of view?

    Verisign is certainly not a good custodian for .net and .com (due to that Sitefinder debacle), but are other registry operators, at least the ones who are currently seeking to take the job, any better?

  • If you actually check the references what you find is that Telecordia worked with VeriSign to test ENUM. Telecordia and VeriSign didn't develop ENUM - that was done by an IETF working group in which anyone could participate.

    I don't personally think that VeriSign has served as a responsible steward of .COM and .NET (or of the root) and I don't think they should get to keep .NET. But I don't see anything wrong with VeriSign helping to test ENUM.

Slashdot Top Deals

Living on Earth may be expensive, but it includes an annual free trip around the Sun.

Close