Interesting People mailing list archives
Response to PFIR Public Call For Data Regarding VeriSign
From: Dave Farber <dave () farber net>
Date: Wed, 01 Oct 2003 03:58:23 -0400
Delivered-To: dfarber+ () ux13 sp cs cmu edu Date: Tue, 30 Sep 2003 19:04:13 -0700 (PDT) From: Lauren Weinstein <lauren () vortex com> Subject: Response to PFIR Public Call For Data Regarding VeriSign To: dave () farber net Cc: lauren () pfir org Dave, You asked me for a quick preliminary survey of the kinds of responses being submitted to the recent PFIR "Public Call For Data" ( http://www.pfir.org/statements/vs-call-for-data ) regarding the impacts of VeriSign's "Site Finder" and the firm's sudden and drastic changes to the global .COM and .NET DNS environment. Here's a thumbnail view (not in any particular order) of the categories, for IP if you wish. - Anger, Indignation, etc. Many of these can be loosely sorted into the "Who appointed VeriSign to be God?" category. A range of broad technical, operational, financial, and related concerns were raised, many focusing on the perceived abuse by VeriSign of their privileged position as the U.S. government-appointed guardian and monopoly operator of the .COM and .NET domain registry systems. Concerns were expressed regarding what is seen by many as anticompetitive and unfair behavior relating to the effects on persons using Web browsers around the world. Anger was common over VeriSign's trying to turn all unused .COM and .NET domains into a profit center, especially given VeriSign's special position. Some persons also included suggested remedies and punishments for VeriSign's behavior, many of which were highly imaginative, and some of which would probably be exceedingly painful and potentially disfiguring. - Broad Impacts on HTTP and DNS-based systems. In addition to the obvious effects of Site Finder on humans using Web browsers, VeriSign's actions have apparently had a dramatic effect on all manner of other applications that use the Internet, including a vast number that depend on HTTP protocols and DNS for their operations. This includes everything from complex point-of-sale applications to networked printers. The lack of consultation and warning by VeriSign regarding the impact of their changes disrupted the operations not only of deployed systems, but has necessitated massive changes in both operational applications and others under development, reportedly at great expense in many cases. VeriSign seems to have taken the attitude that the only "real" application for HTTP/DNS is folks surfing the Web. That may be the only one they really care about, but it is obviously but a fraction of the operational universe for these systems. - E-Mail Disruptions and Effects. The negative effects on anti-spam systems has been widely discussed. The impact of mistyped e-mail addresses that formerly were locally handled but that now must connect to the "faked" VeriSign mail servers has been dramatic. E-mail queues grew enormously after the VeriSign "surprise" and in many cases have remained many times their pre-"V-Day" levels. Local efforts to block VeriSign's Site Finder IP addresses have been time consuming and costly, and have sometimes had unexpected and negative side-effects of their own. Many ISPs have had to expend large sums to immediately install additional mail handling capacity. For smaller ISPs in particular, already fighting the impact of spam, this has been particularly devastating. - Only the U.S. and English Language Matters? Some non-U.S. users have expressed indignation that VeriSign would take it upon themselves to effectively bypass non-U.S.-based systems in place to provide Web surfers and others with appropriate error information in locally-expected languages. It was pointed out that even the Internet Explorer "no such domain" search features (which can be easily and completely disabled by users, in contrast to Site Finder) is normally configured by each user to function in a local language and is totally under user control. Many persons also submitted estimates regarding what they thought Site Finder had cost them or their firms. Some consultants noted that the situation was generating them extra work trying to fix their clients' systems that were broken by Site Finder, but they also felt that this was not the way they really wanted to be finding more work. It seems reasonable to extrapolate from the sorts of numbers being reported that VeriSign's changes to create their new profit center have likely collectively cost the Internet's users untold millions of dollars. Related time costs, lost productivity, and monetary costs are continuing to pile up every day as users, ISPs, and many others all continue to grapple with the situation that was thrust upon them so suddenly and unexpectedly. --Lauren-- Lauren Weinstein lauren () pfir org or lauren () vortex com or lauren () privacyforum org Tel: +1 (818) 225-2800 http://www.pfir.org/lauren Co-Founder, PFIR - People For Internet Responsibility - http://www.pfir.org Co-Founder, Fact Squad - http://www.factsquad.org Co-Founder, URIICA - Union for Representative International Internet Cooperation and Analysis - http://www.uriica.org Moderator, PRIVACY Forum - http://www.vortex.com Member, ACM Committee on Computers and Public Policy ------------------------------------- You are subscribed as interesting-people () lists elistx com To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/
Current thread:
- Response to PFIR Public Call For Data Regarding VeriSign Dave Farber (Oct 01)