October 7, 2003 5:23 PM PDT

VeriSign fends off critics at ICANN confab

WASHINGTON--David Schairer, vice president of broadband provider XO Communications, is frustrated by VeriSign's decision to redirect Web surfers who mistype domain names to its own advertising-based Web site.

At an unprecedented public meeting Tuesday to discuss VeriSign's "Site Finder" redirection, Schairer described in detail how the changes had increased XO's network traffic, confused his customers' e-mail utilities, and disabled a test that previously snared about one-fifth of the spam directed at XO's network.

The Site Finder server also chokes on large e-mail messages that are addressed to nonexistent domain names and does not work with software created for people with handicaps, Schairer said. He predicted that the work required to fix similar problems in thousands of software programs is smaller in scope but "similar in kind" to the massive Year 2000 bug effort--amounting to a kind of "tax on the Internet."

David Schairer Schairer's examples and those offered by other participants at the meeting--organized by the Internet Corporation for Assigned Names and Numbers (ICANN)--combined to put VeriSign on the defensive on Tuesday. The company, which enjoys a government-granted monopoly on the master .com and .net database, said last week it would "temporarily suspend" its redirection service.

But VeriSign made clear during the open meeting convened by ICANN's Security and Stability Advisory Committee that it had no intention of turning Site Finder off for good. Executives from the company said they were considering turning on Site Finder again but disabling the "wild card" service for e-mail deliveries to nonexistent domains--which could solve many of the e-mail problems that speakers described.

"What I was kind of hoping to hear from the presentations was not just the theoretical 'What can go wrong?' sort of things," said Ken Silva, who oversees VeriSign's technical services and is a member of the ICANN committee. "The service ran for a number of weeks, and quite frankly, we did not experience nor did our users experience the catastrophes we're hearing are theoretically possible. We're not seeing the odd instabilities that are claimed."

Ken Silva VeriSign's Scott Hollenbeck said that the company's own statistics showed that only 3 percent of e-mail spam is identified using a domain name look-up technique, which can be broken by Site Finder. Hollenbeck also said that 68.7 percent of Internet traffic to nonexistent domains represented Web connections, 17 percent was e-mail, and the rest were IRC (Internet relay chat), POP, and assorted protocols.

The unusual meeting--ICANN has never held one like it before--was organized to let the committee hear technical concerns about Site Finder and prepare a public report. Legal and policy questions were not on the agenda, and VeriSign representatives repeatedly objected when the discussion veered in that direction.

"Are we going to focus on security and stability, or usability?" asked VeriSign's Ben Turner, saying the committee's mandate was too narrow to include broader questions about Site Finder.

Stephen Crocker, one of the Internet's original architects and the ICANN committee's chairman, asked VeriSign why the wild card was introduced without giving network operators any warning. "I know for a fact that VeriSign has no problem finding its way to those (technical discussion) forums," Crocker said, referring to the company's ongoing participation in them.

"I don't want to go beyond the agenda," replied Chuck Gomes, VeriSign's vice president for its registry service. Citing concerns of proprietary information and competitive advantage, he added that he didn't think he could guarantee any advance notice of similar changes in the future.

Matt Larson, of VeriSign Naming and Directory Services, dismissed reports of widespread problems with Site Finder. "We have a hard time with this idea that it's had a huge impact," Larson said. He said he couldn't discuss the results reported by XO Communications because "we didn't have the chance to see this presentation in advance."

VeriSign's policy was intended to generate more advertising revenue by driving additional visitors to its network of Web sites. But the change has had the side effect of rewiring a portion of the Internet that software designers always had expected to behave a certain way. That rewiring caused the negative consequences described by the meeting participants.

In an unusual grassroots movement, some network administrators have adopted technical countermeasures against VeriSign. A typical one has been to install a modified version of BIND (the standard utility used for Internet domain name look-ups) that essentially restored the original network behavior.

 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.