[Am-info] Verisign attempt to "hijack" all unpaid .com and .net addresses

Gene Gaines gene.gaines@gainesgroup.com
Tue, 16 Sep 2003 09:00:47 -0400


Sorry, this is way off topic, but Microsoft's founder and Verisign's
Chairman seem to be similar, the principal difference being that
so far Verisign's is a wannabe.

What is described below appears to be an incredible, nasty attempt at
a power grab by Verisign.  If it is permitted, it tells us that both
ICANN and the U.S. Department of Commerce have no real interest in
defending the Internet.

Nasty.

Gene Gaines
gene.gaines@gainesgroup.com




This is a forwarded message
From:  Yakov Shafranovich <research@solidmatrix.com>
To:    ietf@ietf.org
Date:  Tuesday, September 16, 2003, 12:01:12 AM
Subject: [Fwd: [Asrg] Verisign: All Your Misspelling Are Belong To Us]
=================Original message text===============

I am forwarding this message from the ASRG list. If you haven't heard it 
yet, Verisign has activated their "typos" DNS service for .COM and .NET.

-------- Original Message --------
Subject: [Asrg] Verisign: All Your Misspelling Are Belong To Us
Date: Tue, 16 Sep 2003 03:10:52 +0200
From: Brad Knowles <brad.knowles@skynet.be>
To: IRTF ASRG <asrg@ietf.org>

Folks,

        This was just posted to the NANOG mailing list.  There are
already people who are working on hacking BIND to return NXDOMAIN for
wildcard records in TLD zones, or perhaps for any reference to the
specific IP address(es) they are using (so far, we only know about
64.94.110.11).  Meanwhile, many are already null-routing this IP
address.

        This affects us, because now anyone can send spam with an address
like "i@spam.from.verisign.becausethisdomaindoesntreallyexist.net",
and yet still have that pass standard anti-spam checks like "Does
this domain really exist in the DNS?"


        Another one for the service provider BCP, I think.


        Anyway, the full message announcing this "enhancement" is:

>Date: Mon, 15 Sep 2003 19:24:29 -0400
>From: Matt Larson <mlarson@verisign.com>
>To: nanog@nanog.org
>Subject: Change to .com/.net behavior
>
>
>Today VeriSign is adding a wildcard A record to the .com and .net
>zones.  The wildcard record in the .net zone was activated from
>10:45AM EDT to 13:30PM EDT.  The wildcard record in the .com zone is
>being added now.  We have prepared a white paper describing VeriSign's
>wildcard implementation, which is available here:
>
>http://www.verisign.com/resources/gd/sitefinder/implementation.pdf
>
>By way of background, over the course of last year, VeriSign has been
>engaged in various aspects of web navigation work and study.  These
>activities were prompted by analysis of the IAB's recommendations
>regarding IDN navigation and discussions within the Council of
>European National Top-Level Domain Registries (CENTR) prompted by DNS
>wildcard testing in the .biz and .us top-level domains.  Understanding
>that some registries have already implemented wildcards and that
>others may in the future, we believe that it would be helpful to have
>a set of guidelines for registries and would like to make them
>publicly available for that purpose.  Accordingly, we drafted a white
>paper describing guidelines for the use of DNS wildcards in top-level
>domain zones.  This document, which may be of interest to the NANOG
>community, is available here:
>
>http://www.verisign.com/resources/gd/sitefinder/bestpractices.pdf
>
>Matt
>--
>Matt Larson <mlarson@verisign.com>
>VeriSign Naming and Directory Services



==============End of original message text===========
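
Added example, not part of the original messages: a sender-domain existence check of the kind Brad Knowles describes, adjusted so that a TLD wildcard answer is treated as NXDOMAIN. It goes beyond the single address named in the thread by also probing the TLD with random labels; the function names, the A-record-only lookup and the sample zone data are assumptions made for illustration.

```python
import secrets
import socket

# The only wildcard target address reported in the thread.
KNOWN_WILDCARD_ADDRS = frozenset({"64.94.110.11"})


def system_resolver(name):
    """IPv4 addresses for name; empty set on NXDOMAIN or any lookup failure."""
    try:
        return set(socket.gethostbyname_ex(name)[2])
    except OSError:
        return set()


def wildcard_addrs(tld, resolve, probes=2):
    """Addresses the TLD returns for random labels nobody has registered."""
    found = set()
    for _ in range(probes):
        found |= resolve(f"{secrets.token_hex(16)}.{tld}")  # 32-char label
    return found


def sender_domain_exists(domain, resolve=system_resolver,
                         known=KNOWN_WILDCARD_ADDRS):
    """True only if domain has an address that is not a wildcard answer."""
    domain = domain.rstrip(".").lower()
    addrs = resolve(domain)
    if not addrs:
        return False  # ordinary NXDOMAIN
    tld = domain.rsplit(".", 1)[-1]
    synthetic = set(known) | wildcard_addrs(tld, resolve)
    return bool(addrs - synthetic)  # only wildcard addresses: treat as NXDOMAIN


def make_fake_resolver(zone, wildcard):
    """Constructed offline stand-in for DNS (hypothetical helper for the demo)."""
    def resolve(name):
        if name in zone:
            return set(zone[name])
        return set(wildcard.get(name.rsplit(".", 1)[-1], ()))
    return resolve


if __name__ == "__main__":
    # Constructed sample data; 192.0.2.10 and 198.51.100.7 are documentation addresses.
    fake = make_fake_resolver({"example.com": ["192.0.2.10"]},
                              {"com": ["64.94.110.11"], "net": ["198.51.100.7"]})
    for d in ("example.com", "i-do-not-exist.com",
              "spam.from.verisign.becausethisdomaindoesntreallyexist.net"):
        print(d, sender_domain_exists(d, fake))
```

The probe costs extra lookups per check, so a production filter would cache the per-TLD wildcard set rather than recompute it for every message.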