In message
On Wed, 17 Sep 2003, Ewen McNeill wrote:
And if nothing else it's probably useful to have a single document to wave at people saying "these are all the bad things you've caused by doing this".
That's been documented already, as in the 2day.com case.
To reinforce the "one list with which to beat people up", this post on NANOG: http://www.merit.edu/mail.archives/nanog/msg13728.html points out that Verisign are in an interesting position with HTTPS access: not only do they have the wildcard DNS entry to draw traffic their way (apparently consuming one AS and two /24s on the way past), they've also got the trusted CA certificates to sign any SSL certificates needed (on the fly if they wish). The little "trusted site" closed lock on, eg: https://www.placetobuystuff.com/ is (amazinginly) a little less meaningful than it was before. (I'm also amazed that, apparently, no one has registered that domain name. It seems such an obvious one for the type-stuff-in-and-see-what-happens crowd.) FWIW, these: http://www.haque.net/verisign_dns_rant.php http://www.merit.edu/mail.archives/nanog/msg13682.html aren't a bad (early) start at a summary of problems (from Tuesday). Ewen