No Such Weblog

Steve Crocker introduces Bellovin, “incredibly smart guy.” Topic: Architectural issues.

Richard M. Smith talks about information flow. Passing information to Omniture. Forms that point to expired domain names. Frames, pictures, scripts that are redirected to Sitefinder.A lot of information is sent to sitefinder.Fundamental point: Why not run sitefinder as applet in a web browser? Do it at the client side.

Paul Vixie presents. Observed workarounds.

David Schairer (VP Software Engineering, XO Communications) speaks on consequences of sitefinder.

After Steve Crocker has finished his introductory remarks, Verisign’s Scott Hollenbeck delivers his presentation on Sitefinder.What is Sitefinder? Implementation. Technical Questions Raised. DNS Wildcard Guidelines. Questions?Notes below. Most of what Hollenbeck says is (almost verbatim) what’s in Verisign’s response to the IAB, though.

The SecSAC meeting on Sitefinder in Washington DC is about to begin.General Meeting Information ｷ Agenda ｷ WebcastComments can be sent to secsac-comment@icann.org.

Verisign’s latest spin goes like this:

ICANN caved under the pressure from some in the Internet community for whom this is a technology-religion issue about whether the Internet should be used for these purposes.For this vocal minority, resentment lingers at the very fact that the Internet is used for commercial purpose, which ignores the fact that it’s a critical part of our economy.

That’s, of course, outrageous nonsense. What Verisign attempts to do is to throw out services that are being provided at the network’s edges by abusing its government-granted stewardship role for .com and .net.The objection here is not about commercial use of the Internet: It’s about keeping the net’s architecture open for commerce. It’s about keeping an architecture which enables different players to compete by providing innovative and better services to customers.Verisign’s sitefinder, however, is no such service: The only “innovation” here is to change the net’s architecture in a way which makes it impossible for other players to compete with Verisign.Time for a re-bid?

The latest exchange of letters between ICANN and Verisign is now available from ICANN’s web site.In response to ICANN’s pressure last Friday, Verisign’s Rusty Lewis accuses ICANN of a violation of the Registry Agreement as well as an anti-competitive interference with VeriSign’s existing contractual and other advantageous business relationships. Threatens Lewis: VeriSign fully intends to hold ICANN accountable for the damages caused by its improper actions.In a second letter, also dated 3 October, Lewis complains about lacking neutrality in ICANN’s Security and Stability Advisory Committee, and about lack of opportunity to debunk some of the misconceptions currently being forwarded. In a letter from Monday, Twomey responds. He rejects Verisign’s concerns about the SecSAC and tomorrow’s agenda, and suggests that SecSAC should hold a second meeting two weeks later or at such a time as VeriSign is ready to state its full technical position. Verisign is also formally requested to release its testing data from before, during and after the Service Change and to do so well in advance of the Second Meeting.

ICANN’s Security and Stability Advisory Committee page now has detailed information about the agenda of tomorrow’s meeting. The meeting will be webcast; remote participants will need to have realplayer installed.

Two interesting postings from the nanog list: Owen DeLong writes to the Washington Post’s ombudsman and offers detailed comments on David McGuire’s October 3 article; William A. Simpson writes to the New York Times and explains what’s not in Elizabeth Olson’s report.This shows that, while Sitefinder is bad for average users, a lot of spin is currently emanating from Verisign, and needs to be busted.