Juha wrote:

It's been a bad day dot com eh?

Why do 2Day what you can put off until 2Tomorrow? :-) Keith Davidson

Juha wrote:

2-daaayyoh, 2-day-ay-ay-oh. Internet sucks and me wanna go home.

Anyway, things seem to be working again.

So who's going to roast point the Giant Flamethrower at Marina Del Rey? Perhaps this is a job for Captain InternetNZ?

I guess it could be a job for InternetNZ. But it occurs to me that Veri$ign are doing nothing "wrong", it's just not within the spirit of Internet practices? I have greater concerns with Verisigns wait-listing for domain names and associated fees, but then, what the heck, I'm a bean-counter, not a techie... Keith Davidson

Juha Saarinen wrote:

...

I guess it could be a job for InternetNZ. But it occurs to me that Veri$ign are doing nothing "wrong", it's just not within the spirit of Internet practices?

You might have a different view if it were your customers :-) The cause of our domain name to be removed from the .com zone is bad enougth. But for Verisign registry to hijack our traffic and then bounce all customer emails until they got us back in the DNS is quite another. The time has come for the "techies" to stand up and take these marketing bastards to task. regards -- Peter Mott Chief Enthusiast 2DAY INTERNET LIMITED http://www.2day.com "Hell, there are no rules here - we're trying to accomplish something!" Thomas A Edison

On Wed, 17 Sep 2003, Keith Davidson wrote:

If someone of a technical nature wanted to draft up something more useful than a moan at ICANN / Verisign, I'd be happy to mobilise InternetNZ to take the issue further.

Most of the techie stuff should be conveniently there in Google/Froups. Peter should be able to provide you with real-world evidence that the current structure is harmful, so a loud squal from InternetNZ would be in order, methinks. -- Juha Saarinen

On Tuesday, September 16, 2003, at 11:51 PM, Keith Davidson wrote:

Juha wrote:

...

2-daaayyoh, 2-day-ay-ay-oh. Internet sucks and me wanna go home.

Anyway, things seem to be working again.

So who's going to roast point the Giant Flamethrower at Marina Del Rey? Perhaps this is a job for Captain InternetNZ?

I guess it could be a job for InternetNZ. But it occurs to me that Veri$ign are doing nothing "wrong", it's just not within the spirit of Internet practices? I have greater concerns with Verisigns wait-listing for domain names and associated fees, but then, what the heck, I'm a bean-counter, not a techie...

There are actually 3 separate problems (maybe more?): 1. Obvious technical problems (sudden disappearance of NXDOMAINS the main one) screwing up non-HTTP traffic. 2. If you remove your name servers for a com/net domain instead of your site going dead - which you may actually WANT to do - Verisign now gets the traffic. 3. Verisign is now presenting a copyrighted page when an unregistered phrase is entered - possibly problems with existing TM terms that are not registered as domains ( the IP lawyers have been strangely silent so far) and Verisign may be able to claim rights through prior-use to any phrases that someone wants to TM in the future. 4. Anticompetitive - Verisign are monetising traffic (via pay-per-click affiliation) for non-existing domains. If someone wants to compete with them in the same arena, they have to first figure out exactly WHICH non-existing domain needs to be registered (whereas Verisign KNOWS which ones are producing traffic) then PAY Verisign $6 per annum per domain for the privilege to compete with them. Verisign has zero cost per domain. And you can bet your aunty that as soon as they get their butt kicked over this, they'll form a subsidiary, take a look at the data they collected during this test period, and register all the domains that will produce more than $6 per annum in click revenue. Verisign needs to have the com/net contract PULLED for this little stunt. I doubt ICANN will do it, without pressure from Doc and FTC. OK. 4 problems.

There are actually 3 separate problems (maybe more?):

1. Obvious technical problems (sudden disappearance of NXDOMAINS the main one) screwing up non-HTTP traffic.

2. If you remove your name servers for a com/net domain instead of your site going dead - which you may actually WANT to do - Verisign now gets the traffic.

3. Verisign is now presenting a copyrighted page when an unregistered phrase is entered - possibly problems with existing TM terms that are not registered as domains ( the IP lawyers have been strangely silent so far) and Verisign may be able to claim rights through prior-use to any phrases that someone wants to TM in the future.

4. Anticompetitive - Verisign are monetising traffic (via pay-per-click affiliation) for non-existing domains. If someone wants to compete with them in the same arena, they have to first figure out exactly WHICH non-existing domain needs to be registered (whereas Verisign KNOWS which ones are producing traffic) then PAY Verisign $6 per annum per domain for the privilege to compete with them. Verisign has zero cost per domain. And you can bet your aunty that as soon as they get their butt kicked over this, they'll form a subsidiary, take a look at the data they collected during this test period, and register all the domains that will produce more than $6 per annum in click revenue.

Verisign needs to have the com/net contract PULLED for this little stunt. I doubt ICANN will do it, without pressure from Doc and FTC.

OK. 4 problems.

Add another point to the list - grave security concerns (IMHO) regarding mistyped email addresses. Ok so at the moment they have a bogus SMTP server which rejects any mail you try to send it, but whats to say that they won't sneakily change this in future to accept messages (or certain messages) and only reject the messages AFTER the data phase of the SMTP transaction, instead of before, as it does at the moment. The end user sees the incorrectly addressed mail bounce back, shrugs their shoulders and re addresses it, meanwhile verisign could easily have a copy of that message, if they so desired. Why should the whole world trust verisign to keep rejections of mis-addressed email confidential when they can't be trusted not to pull a stunt like this in the first place ? At the very least it causes unnecessary traffic as a mailserver does a DNS lookup on a bogus domain, thinks that it exists, tries to send to verisign's server, and gets a reject instead of just seeing right away that the domain doesn't exist after the DNS lookup. Other things that have been broken by this include some spam filtering techniques - Most mailservers reject incomming mail when the return address is a non existant domain, (a surprising amount of spam attempts to do this) now all .net and .com domains are "valid" according to a simple DNS lookup done by the mailserver, so this is no longer effective. One thing that affected SpamAssassin is that the RBL dorkslayers (and orbs as well I think) which had been defunct for some time suddenly "sprang to life" as every DNS lookup under the dorkslayers domain suddenly started returning an ip address instead of NXDOMAIN, causing every message to match as if they were blacklisted... This madness must stop..... *sigh* Regards, Simon

Having had the IAB itself warn against this and been ignored, I am cynical as to what can be done. Patches sound a good plan. Isn't a nasty hack, by nature, more 'Evil' than using wildcards for unknown 2ld's in .com? At least Verisign are keeping the DNS consistant, even it is for their commercial benefit. How many people here use wildcard entries for their domains. If whoever has a.geek.nz was selling domains under this suffix, would having a wildcard make them Evil, or simply excercising their rights as the owner of this domain?

It's just another nail in the ARPANET coffin, isn't it?

DPF

James -- James Spooner WAND Group - The University of Waikato NZ WAND Hardware Lab - G.1.32 Email: jbs3(a)cs.waikato.ac.nz Ph: +64 7 8384466x6651 Fax: +64 7 858 5095 Mob: +64 21 447638 WWW: http://voodoo.cs.waikato.ac.nz/~jbs3

Juha Saarinen wrote:

James Spooner wrote:

...

If whoever has a.geek.nz was selling domains under this suffix, would having a wildcard make them Evil, or simply excercising their rights as the owner of this domain?

Verisign owns .com and .net?

Isn't possession 9/10ths ? -- James Spooner WAND Group - The University of Waikato NZ WAND Hardware Lab - G.1.32 Email: jbs3(a)cs.waikato.ac.nz Ph: +64 7 8384466x6651 Fax: +64 7 858 5095 Mob: +64 21 447638 WWW: http://voodoo.cs.waikato.ac.nz/~jbs3

At 22:13 17/09/2003 +1200, you wrote:

James Spooner wrote:

...

If whoever has a.geek.nz was selling domains under this suffix, would having a wildcard make them Evil, or simply excercising their rights as the owner of this domain?

Verisign owns .com and .net?

Which I think is the crux of the matter - who _owns_ these TLD's ? is it any one entity ? I think Andy pointed out quite rightly that this smacks so much of Anti Competitive behavior that it's not funny. The people that this was entrusted to are abusing the trust that was given to them by the Internet community as a whole, if they had actually bothered to _ask_ then it may not have been quite so bad, but they have just assumed that they have ownership of the TLD space and walked in and taken it. Imagine if InternetNZ were to do something similar, how would someone that wanted to get into this "market" be able to compete ? go and buy a country ? hmm.. I thought the last line on wired.com summed things up nicely.. "Right now, VeriSign's business is not a growing business, and anything that they do to add the slightest amount of growth is going to be positive," said Gene Munster, an analyst with U.S. Bancorp Piper Jaffray. (http://www.wired.com/news/business/0,1367,60466,00.html) "We cant make money in our normal business - so we will abuse the trust people put in us and turn ourselves into a marketing company !" Wonder when they will start sending out spam :-) -- Steve.

At 22:51 17/09/2003 +1200, Keith Davidson wrote:

Steve Phillips wrote:

...

Imagine if InternetNZ were to do something similar,

No - please - no - don't even imagine it. <shudder>

The useful thing about the InternetNZ model is that all NZ'ers have the ability to control what happens with the .nz namespace. If InternetNZ doesn't obey the rules, listen to the local Internet community and provide an efficient and effective registry, and sufficient outrage ensues, people can be sacked and people can be elected to make things right again.

These are not options available to the .com Internet community.

Which IMHO is how it should be. Why then is the generic Internet domain space (keeping in mind that .us was reserved for US based naming) suddenly belong to an entity to do with as they please ? keeping in mind also that .com, .edu, .org, .net and so on were not "USA reserved" but rather, generic TLD's that grew out of a legacy system and everyone in the world used - surely some hick-arse little corporate suit in the USA cant have the right to suddenly wake up and say "hey, i think I'll screw the Interweb up for everyone today" and proceed to do just that ? If this is the case then surely, if the Internet is to continue to be a viable medium and move on then this sort of thing should have controls such that people _at least_ know in advance that this is about to happen and can prepare for it. Where was the notification ? -- Steve.

From: "Juha Saarinen"

Verisign owns .com and .net?

Don't forget that up until now Microsoft owned the World Wide Web. Type this into IE www.dfghjkl.co.nz, rather than getting a DNS error you end up at Xtra MSN, thus Microsoft have built logic into IE to redirect non existant domain errors to a Microsoft MSN affiliate. So you could say that Verisign is just playing the same game that Microsoft has been playing. I suspect that Microsoft and their affiliates will be a bit pissed that their MSN Web servers have suddenly gone quiet, IE no longer redirects bad .com URLs, they hit Verisigns servers instead. A critical service pack for IE could be pending and Microsoft may be eyeing their piggy bank :) Cheers BG.

At 11:38 18/09/2003 +1200, Juha Saarinen wrote:

Brian Gibbons wrote:

...

Don't forget that up until now Microsoft owned the World Wide Web. Type this into IE www.dfghjkl.co.nz, rather than getting a DNS error you end up at Xtra MSN, thus Microsoft have built logic into IE to redirect non existant domain errors to a Microsoft MSN affiliate.

No, the analogy doesn't hold. To start with, you can change the default search page in IE quite easily (and Microsoft even provides the tools for that). Also, it's not just domains that it searches for.

Second, you don't have to use IE and finally, IE doesn't 0wn j00 emailZ.

Lets also keep in mind that this is not limited to just e-mail and web traffic, this affects _all_ protocols where someone could make a typing mistake. Do we really trust Verisign that much that they wont go on a password gathering rampage, or launch man in the middle type attacks all in the name of being a nice big brother ? This has some pretty _major_ security implications as well. -- Steve.

At 12:21 18/09/2003 +1200, Edward Yardley wrote:

I've always noticed that nz.com have a * entry, which could be seen as just reserving what belongs to the owner (ie *.nz.com) but doing it to the whole .com etc name space is just whacking the ball out of court.

There is a difference between someone paying for a domain name and then deciding what to do with the sub domains and what Verisign have done which is not pay for, yet have full use of every domain that has _not_ been registered as yet. I'm sure if they worked out how many non-registered and possible combinations of domain there were out there and then paid for the usage of these domains then no one would have a problem with what they are doing - point was, they just woke up one day and decided "hey, we have a cool business idea - it will make us money, and no one else can compete in this space ! we are onto a winner here !" and then went and put this thought into action with no warning or consultation with anyone else that partakes in this wee community we call the Interweb. If nothing is done then I guess the next best thing is to invest in Verisign stock as they have pretty much cornered the market. -- Steve.

Andy and all, Lets not forget that Verisign was GIVEN .COM in perpetuity as part of the deal to give up .ORG... Andy Gardner wrote:

On Wednesday, September 17, 2003, at 07:21 PM, Edward Yardley wrote:

...

I've always noticed that nz.com have a * entry, which could be seen as just reserving what belongs to the owner (ie *.nz.com) but doing it to the whole .com etc name space is just whacking the ball out of court.

The registrant of the nz.com namespace has leased that domain for a certain fixed period and (subject to certain restrictions) is allowed to do whatever they like with it.

Verisign has not leased the com/net namespace. They are PAID TO MANAGE IT. If they run their business so badly that they can't make a profit on US$6 per domain per year, then they should give up the contract and get out of the zone management business, not hijack the zone to the detriment of the entire Internet community.

(Hurrumph.)

_______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog

Regards, -- Jeffrey A. Williams Spokesman for INEGroup LLA. - (Over 131k members/stakeholders strong!) "Be precise in the use of words and expect precision from others" - Pierre Abelard =============================================================== CEO/DIR. Internet Network Eng. SR. Eng. Network data security Information Network Eng. Group. INEG. INC. E-Mail jwkckid1(a)ix.netcom.com Contact Number: 214-244-4827 or 214-244-3801

"Brian Gibbons" wrote:

Don't forget that up until now Microsoft owned the World Wide Web.

Type this into IE www.dfghjkl.co.nz, rather than getting a DNS error you end up at Xtra MSN, thus Microsoft have built logic into IE to redirect non existant domain errors to a Microsoft MSN affiliate.

So you could say that Verisign is just playing the same game that Microsoft has been playing.

Absolutely not. As others pointed out, this can be turned off or modified by the user. But the important thing is that the way IE handles unresolved domains *only* affects Web queries through IE; it's purely an application level function, which is entirely appropriate. (Personally, I find IE's going to the search page annoying, and I turn it off, and if I couldn't I could always use a different browser. Which I usually do anyway. Choice is good.) What Verisign have done is unilaterally changed the behaviour of all applications using NET & COM DNS lookups, and that is a Very Bad Thing. -- don

DPF wrote:

More seriously in my experience the 2day.com chief enthusiast is very adept at communicating his displeasure directly and without assistance

It will happen the moment I catch my breath. We are all exausted up here. I'd like to personally thank all of the NZ ISP's who were able to insert our zone into their caching name servers. NZRS also did an emergency .nz zone push to allow us to mitigate some of the fallout. I'm personally very grateful for the assistance we have received locally and internationally. Without it, we could well have been dead in the water by now. regards -- Peter Mott Chief Enthusiast 2DAY INTERNET LIMITED http://www.2day.com "Hell, there are no rules here - we're trying to accomplish something!" Thomas A Edison