Some remarks about the secsac meeting.

At the DC workshop, the Q&A is going on as I type this. Verisign is being grilled about their “user survey.” Verisign tries to spin Sitefinder as a pro-user service that was accepted well. Secsac members are raising doubts about what kinds of questions were asked, and are trying to drill down to what was actually asked. Verisign refuses to release the questions asked, though.

I’ve submitted two questions to the SECSAC’s comment address. Both were read; thanks!

  • How many of the respondents to the surveys quoted (which included users from Germany and China) do not speak English?
    Answer: “don’t know.” I’m actually starting to wonder what language was used for the survey questions in these countries.
  • Verisign says it does not use the wildcard to collect personal data. What about the third-party (Overture) web bug placed on the Sitefinder site?
    Answer: Web bug exists. Planning to do minimum information only. (?) Opt-out? No. Consistent with privacy practices. Crocker explicitly speechless.

Some interesting discussion between Crocker and Verisign people on whether this is a registry service change. Crocker insists that core of registry function was changed. Gomes emphasizes RFC compliance. Counsel to Verisign steps in and notes that some terminology (“registry service”) is loaded with legal meaning.

Several people ask why a user survey is thought to be relevant for security and stability and presented at this meeting. No conclusive answer.

Question about service survey conducted — can Verisign make data available? Answer: Results are in the slides; data are proprietary.

Closing question from Rick Wesson: Further undisclosed testing with non-delegation records? Long silence. “If move forward, testing needed, to provide secure and stable service.” Crocker: Good. Rick: No. Crocker: Good that we understand situation.

Second secsac meeting.

The SECSAC’s second meeting on sitefinder is going to begin at 1 pm EST. The webcast URL has now been posted to ICANN’s web site.

Presentations already available from the agenda page: VeriSign, Edelman.

PS: I don’t promise to take extensive notes this time.

Sitefinder v. .name

The delegation-only patches to BIND that have been deployed in response to Verisign’s sitefinder service happen to break e-mail to first@last.name, since the TLD server directly returns MX records. No wildcards are involved here.

Global Name Registry to ICANN: Global Name Registry is disappointed to see .name customers being caught up in the crossfire between other parties on the Internet and what has perhaps been an emotional rollout of a technical countermeasure to the .com and .net zone change.
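The collateral damage described in this post can be reproduced with a simplified model of the delegation-only rule. This is an added example, not BIND's code: it handles explicit delegations only, and the `Response` type, function names and sample records are constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Response:
    qname: str
    rcode: str = "NOERROR"
    answer: list = field(default_factory=list)     # (owner, type, rdata)
    authority: list = field(default_factory=list)  # (owner, type, rdata)

def _norm(name):
    return name.rstrip(".").lower()

def _below(name, zone):
    """True if name is a proper subdomain of zone (not the apex itself)."""
    return _norm(name).endswith("." + _norm(zone))

def apply_delegation_only(resp, zone):
    """Simplified model: what a resolver treating `zone` as delegation-only acts on."""
    if _norm(resp.qname) == _norm(zone) or resp.rcode != "NOERROR":
        return resp                      # apex data and real errors pass through
    if any(t == "NS" and _below(o, zone) for o, t, _ in resp.authority):
        return resp                      # explicit delegation to a child zone
    return Response(resp.qname, "NXDOMAIN")  # anything else is discarded

# Constructed sample responses (192.0.2.0/24 is a documentation range).
REFERRAL = Response("www.example.com",
                    authority=[("example.com", "NS", "ns1.example.com")])
WILDCARD = Response("no-such-domain-xyz.com",
                    answer=[("no-such-domain-xyz.com", "A", "192.0.2.1")],
                    authority=[("com", "NS", "a.tld.example")])
NAME_MX = Response("last.name",
                   answer=[("last.name", "MX", "10 mail.example.net")],
                   authority=[("name", "NS", "a.tld.example")])

if __name__ == "__main__":
    for label, resp, zone in [("referral", REFERRAL, "com"),
                              ("wildcard A", WILDCARD, "com"),
                              (".name MX", NAME_MX, "name")]:
        print(f"{label:12} -> {apply_delegation_only(resp, zone).rcode}")
```

The filter cannot tell a synthesized wildcard answer from a legitimate MX record served by the TLD itself; both lack a delegation, so both become NXDOMAIN.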

Second SECSAC meeting Wednesday.

There’s another Security and Stability Advisory Committee meeting in Washington DC on Wednesday, to focus on VeriSign’s planning, data collection and analysis of its experience.

The following material from the October 7 meeting is available: Morning Session Video; Afternoon Session Video; Real-time captioning; Agenda and Presentations.

Later: The meeting on Wednesday will be webcast.

Unsponsored registries on process for adding new registry services.

Unsponsored registry operators to ICANN: The unsponsored registry members of gTLD Registries Constituency (.biz, .com, .info, .name, .net, .org and .pro) are concerned that a process for the introduction of Registry Services involving a policy development process within the ICANN community may pose serious competition issues. Referral of new Registry Services through a PDP, or even community consultation, when some members of the community may be viewed as competitors with the gTLD Registries for certain Registry Services could potentially inhibit and interfere with the business of the gTLD Registries.

Paul Twomey had asked the GNSO to develop a process for the approval of new registry services in the context of ICANN’s demand that Verisign stop its sitefinder service. A GNSO Council conference call to discuss this is scheduled for Thursday this week.

.name: Second level to open on 14 January.

The marketing spin: At exactly this time, hundreds of thousands of extremely attractive names, taken on most other TLDs like .com, .net, .org, .biz and .info, suddenly becomes available, probably for the last time in many years. .NAME is the last TLD to become fully open of the 7 new top-level-domains introduced by ICANN in 2001.

Erroneous Expiration Notices from NetSol.

Ed Foster reports about registrants who transferred their domain names away from Network Solutions, but on October 1 received expiration notices that offered to renew the domain names in question for an extra fee. NetSol later sent a letter apologizing for sending out erroneous notices to former clients.

Sounds like the pattern observed in messages to the ALAC’s forum address and to Dave Farber’s IP list in early October.

Blog spam.

Discussion on how to block blog spam is going on over at Feedster.

Here’s one thing I found remarkable about the comment spam I got so far: Every single notification e-mail MT sent me about such comments was caught by spamassassin. The best way to attack this is probably by not reinventing the wheel, but marrying e-mail anti-spam tools with blogging software. Could be as easy as turning a comment into a fake e-mail message and handing that off to spamd before you accept a comment.

Also, the blog world might wish to have a look at some of the other lessons learned by the e-mail antispamming community. One of these: When there is a central point of failure that can make many spam filters fail at the same time (like a block list), then that service is attacked until it’s unavailable.
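A sketch of the comment-to-spamd hand-off suggested in this post, as an added example rather than code from Movable Type or SpamAssassin. The header names, the `blog.invalid` address and the accept/reject/moderate policy are assumptions; the request and reply framing follows the spamd CHECK exchange on its default port 783.

```python
import re
import socket
from email.utils import formatdate

def _one_line(value):
    """Collapse CR/LF so comment fields cannot inject extra headers."""
    return re.sub(r"[\r\n]+", " ", value).strip()

def comment_to_message(author, email_addr, url, body):
    """Wrap a blog comment in a minimal mail message (header names are assumptions)."""
    headers = [
        ("From", f"{_one_line(author)} <{_one_line(email_addr)}>"),
        ("To", "comments@blog.invalid"),
        ("Subject", "Blog comment"),
        ("Date", formatdate()),
        ("X-Comment-URL", _one_line(url)),
    ]
    head = "".join(f"{k}: {v}\r\n" for k, v in headers)
    text = body.replace("\r\n", "\n").replace("\n", "\r\n")
    return (head + "\r\n" + text + "\r\n").encode("utf-8")

def build_check_request(message):
    """spamd CHECK request: command line, Content-length, blank line, message."""
    return b"CHECK SPAMC/1.2\r\nContent-length: %d\r\n\r\n" % len(message) + message

_SPAM = re.compile(rb"^Spam:\s*(True|False)\s*;\s*(-?[\d.]+)\s*/\s*(-?[\d.]+)", re.M | re.I)

def parse_check_response(raw):
    """Return (is_spam, score, threshold) from a spamd CHECK reply."""
    status = raw.split(b"\r\n", 1)[0]
    verdict = _SPAM.search(raw)
    if not re.match(rb"SPAMD/[\d.]+ 0 ", status) or not verdict:
        raise ValueError(f"unexpected spamd reply: {status!r}")
    return verdict.group(1).lower() == b"true", float(verdict.group(2)), float(verdict.group(3))

def check_comment(message, host="127.0.0.1", port=783, timeout=5.0):
    """Ask a local spamd; any failure means 'hold for moderation', not 'accept'."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as conn:
            conn.sendall(build_check_request(message))
            conn.shutdown(socket.SHUT_WR)
            reply = b"".join(iter(lambda: conn.recv(4096), b""))
        is_spam, _, _ = parse_check_response(reply)
        return "reject" if is_spam else "accept"
    except (OSError, ValueError):
        return "moderate"
```

Holding comments for moderation when spamd is unreachable keeps an outage of the filter from turning into automatic acceptance.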

Break trivial copy protection. Get sued.

Princeton University Computer Science Technical Report TR 679-03 by John Halderman (discussion at Ed Felten’s Freedom To Tinker) dissects a CD copy protection scheme by SunnComm Technologies that is based on Windows’ and MacOS X’s autorun features: When you insert a protected CD into a computer, drivers are installed that give access to DRM-protected versions of the CD’s content, and interfere with attempts to access the CD’s audio tracks.

The scheme can be “broken” by disabling these drivers, or by turning off autorun. Also, the scheme is completely ineffective when Linux or MacOS 9 is run.

SunnComm has now threatened to sue the technical report’s author for violation of the Digital Millennium Copyright Act.

EFF press release.

Later: Reactions, summarized by Donna Wentworth.

Still later: SunnComm says it won’t sue Halderman.

There are four kinds of lies.

Verisign Statistics:

— 84 percent of Internet users who have tried Site Finder said that they preferred the service to receiving an error message.
— 65 percent of Internet users reported that they found the service easy to use while 61 percent said that Site Finder enabled them to find what they were looking for.
— 53 percent of Internet users said that Site Finder improved the Internet (an additional 35 percent of users thought it improved the Internet somewhat).

How many of those surveyed speak a language other than English as their native language? Remember, sitefinder is exclusively available in English.

PS: That particular press release quotes a user talking about 404 responses. 404 is an error generated by a server when you reach it. It doesn’t have terribly much to do with Sitefinder.