[wildcard-comments] It breaks all non-HTTP applications in new ways, ways that lead tosupport calls
I build distributed applications using SOAP over HTTP, and other protocols (RMI-IIOP and others). The verisign hack assumes that only HTTP matters, and that the only thing making HTTP requests is an end user.
Nothing I do meets those criteria.
SOAP clients, when hitting a wrong endpoint, now get a 302 response with an HTML body instead of a no-such-host fault. That gets passed upstream. If an end user sees a 'no host' exception, they may be clever and think 'maybe the endpoint is wrong'. If they get a 302 fault (apache axis) or a "got text/html, expected xml" error (Microsoft .net), the end user is going to call the support line. me. And if they were hitting a port other than 80 they see connection refused. Again the chance of them calling me is greater.
So, Verisign, by creating dummy web servers at all mistyped sites, is threating the fault handling of soap stacks, and increasing the cost of support for their providers.
I did not request this service when I registered my domains. When one of them expires next month, I will be moving it to .org in protest.
On an unrelated note, I believe verisign gives ICANN a small fee per registered domain. is this correct? If it is, then surely by effectively registering *.com, verisign owe ICANN a very large amount indeed. I suggest you ask for it,