[chox] [GNU] ICANN contra VeriSigns DNS wildcard

• From: Holger Weiss <lists jhweiss.de>
• Date: Sun, 5 Oct 2003 05:50:51 +0200

Sind scheinbar doch mal fuer was gut, die ICANN-Jungs.

---------- 8< ---------------------------------------------

3 October 2003

Via E-mail and U.S. Mail

Russell Lewis
Executive Vice President, General Manager
VeriSign Naming and Directory Services
21345 Ridgetop Circle LS2-3-2
Dulles, VA 2[PHONE NUMBER REMOVED]

Re: Deployment of SiteFinder Service

Dear Rusty:

This letter is further to the advisory posted by ICANN on 19 September
2003 regarding the changes to the operation of the .com and .net Top
Level Domains announced by VeriSign on 15 September 2003, and in
response to your letter of 21 September 2003. These changes involved the
introduction (for the first time in the .com and .net domains) of a
so-called "wildcard" mechanism that changes the expected error response
for Internet traffic that would otherwise have resulted in a "no domain"
response, and redirects that traffic to a VeriSign-operated webpage with
links to alternative choices and to a search engine.

Because of numerous indications that these unannounced changes have had
very significant impacts on a wide range of Internet users and
applications, ICANN on 19 September 2003 asked VeriSign to voluntarily
suspend these changes, and return to the previous behavior of .com and
.net, until more information could be gathered on the impact of these
changes. On 21 September 2003, VeriSign refused to honor that request.
In the time since then, ICANN has had further opportunity to consider
the technical and practical consequences of these changes, and to
evaluate whether these unilateral actions by VeriSign were consistent
with its contractual obligations to ICANN.

Based on the information currently available to us, it appears that
these changes have had a substantial adverse effect on the core
operation of the DNS, on the stability of the Internet, and on the
relevant domains, and may have additional adverse effects in the future.
These effects appear to be significant, including effects on web
browsing, certain email services and applications, sequenced lookup
services and a pervasive problem of incompatibility with other
established protocols. In addition, the responses of various persons and
entities to the changes made by VeriSign may themselves adversely affect
the continued effective functioning of the Internet, the DNS and the
.com and .net domains. Under these circumstances, the only prudent
course of action consistent with ICANN's coordination mission is to
insist that VeriSign suspend these changes pending further evaluation
and study, including (but certainly not limited to) the public meeting
already scheduled by ICANN's Security and Stability Advisory Committee
on 7 October in Washington, D.C.

In addition, our review of the .com and .net registry agreements between
ICANN and VeriSign leads us to the conclusion that VeriSign?s unilateral
and unannounced changes to the operation of the .com and .net Top Level
Domains are not consistent with material provisions of both agreements.
These inconsistencies include violation of the Code of Conduct and equal
access provisions, failure to comply with the obligation to act as a
neutral registry service provider, failure to comply with the Registry
Registrar Protocol, failure to comply with domain registration
provisions, and provision of an unauthorized Registry Service. These
inconsistencies with VeriSign's obligations under the .com and .net
registry agreements are additional reasons why the changes in question
must be suspended pending further evaluation and discussion between
ICANN and VeriSign.

Given these conclusions, please consider this a formal demand to return
the operation of the .com and .net domains to their state before the 15
September changes, pending further technical, operational and legal
evaluation. A failure to comply with this demand will require ICANN to
take the steps necessary under those agreements to compel compliance
with them.

Various press reports have quoted VeriSign representatives as being
concerned about the processes by which changes in the operation of
top-level domains are evaluated and approved by ICANN. I share those
concerns. The introduction by registry operators of new products or
services that do not threaten adverse effects to the Internet, the DNS
or the top-level domains which they operate should not be impeded by
unnecessary or prolonged processes. On the other hand, VeriSign, like
other operators of top level domains, occupies a critical position of
public trust, made even more important given the fact that it is the
steward for the two largest generic top level domains. This means that
VeriSign has both a legal and a practical obligation to be responsible
in its actions in operating those top level domains.

To ensure that this obligation is carried out, there must be a timely,
transparent and predictable process for the determination of the
likelihood that a proposed change in the operation of a generic
top-level domain under contract with ICANN will have significant adverse
effects. To this end, I will be asking the GNSO to begin to create such
a procedure, taking into particular account any comments submitted by
other ICANN advisory bodies, liaisons, and constituencies. I will
request the GNSO to make its recommendations no later than 15 January
2004.

If, during this period, further technical and operational evaluations of
the changes made by VeriSign on 15 September indicate that those
measures can be reinstated, or reinstated with modifications, without
adverse effects, I will initiate the process to modify the .com and .net
agreements to allow those changes to take place. We will use best
efforts to complete these evaluations in a timely manner.

If, on the other hand, these ongoing evaluations confirm the claimed
adverse effects on the Internet, the DNS or the .com and .net domains
that have been publicized to date, or raise new concerns of that type,
those concerns will have to be resolved prior to any reintroduction of
these changes. If any such concerns cannot be resolved, and VeriSign
continues to seek to implement the service, it will be necessary to make
recourse to the dispute resolution provisions of the two agreements.

Given the magnitude of the issues that have been raised, and their
potential impact on the security and stability of the Internet, the DNS
and the .com and .net top level domains, VeriSign must suspend the
changes to the .com and .net top-level domains introduced on 15
September 2003 by 6:00 PM PDT on 4 October 2003. Failure to comply with
this demand by that time will leave ICANN with no choice but to seek
promptly to enforce VeriSign's contractual obligations.

I look forward to VeriSign's compliance by the date specified.

Best regards,

Paul Twomey
President and CEO
ICANN

cc:
Chuck Gomes - Vice President, VeriSign Naming and Directory Services
Kevin Golden, Esq. - Senior Corporate Counsel, VeriSign, Inc.

---------- 8< ---------------------------------------------

[ http://www.icann.org/correspondence/twomey-to-lewis-03oct03.htm ]

Offensichtlich hat VeriSign ziemlich genau zum Ablauf des "Ultimatums"
eingelenkt. Vorhin noch:

| $ host foobarorgnixda.com
| foobarorgnixda.com      A       64.94.110.11
| $ host foobarorgnixda.net
| foobarorgnixda.net      A       64.94.110.11

Jetzt:

| $ host foobarorgnixda.com
| foobarorgnixda.com does not exist (Authoritative answer)
| $ host foobarorgnixda.net
| foobarorgnixda.net does not exist (Authoritative answer)

:-)

Holger

-- 
PGP fingerprint:  F1F0 9071 8084 A426 DD59  9839 59D3 F3A1 B8B5 D3DE
_______________________
http://www.oekonux.de/

• Previous thread: [chox] weiter, weiter, weiter
• Next thread: [chox] i18n, UNICODE und Freie Software
• Next by Date: [chox] i18n, UNICODE und Freie Software
• Prev by Date: Re: [chox] Je apolitischer die Bevölkerung ist, desto größer sind die Chancen