ICANN Email List Archives



[wildcard-comments] Increased security problems with Verisign's wildcard records

  • To: wildcard-comments@xxxxxxxxx
  • Subject: [wildcard-comments] Increased security problems with Verisign's wildcard records
  • From: Adam Gibson <agibson@xxxxxxx>
  • Date: 16 Oct 2003 11:01:41 -0400
  • Organization:
  • Sender: owner-wildcard-comments@xxxxxxxxx

The fact that this affects all current and future internet applications
and not just the WWW makes this a very bad decision.  My main concern is
privacy and leaked information issues.

There are more chances for someone to send semi-private information to
Verisign instead of their intended party, where normally they would get a
DNS error.  How would you like to design an application and have an error in
it that sent information to a misspelled domain name?  For an example,
quake3 uses UDP packets to send authorization information to id
Software's servers.  In that auth information is the user's serial key.
I would feel very uncomfortable knowing that some (not ISP) company could
potentially get information they were not supposed to get if the
developers mistyped a domain.

You could argue that if they misspell it and the misspelling happens to
exist the information could go to another company too, but the majority
of misspellings do not have a domain (as Sitefinder has *graciously*
given us numbers of ~52 million people who were forced to use Sitefinder
because of misspellings).

Verisign is trying to manipulate DNS into a WWW service when DNS has far
more uses than just for WWW.  Who knows what will be a popular service
in 10 - 20 years from now?

I only wish I had the money to bring them to court for the privacy
issues alone with this service.  I am just a lone developer / sys admin
and Verisign has made it clear (since they plan to reinstate the service
despite the huge amount of tech people begging them not to) that the
tech people that helped create and shape the internet do not know what
is best for the internet as a whole.

I can only hope that ICANN can help Verisign understand that DNS is
bigger than just WWW use and that Verisign has no right to change
something as fundamental as an NXDOMAIN to resolve to their servers.

Adam Gibson <agibson@xxxxxxx>
Internet System Admin
Pro Tech Monitoring, Inc.
727 484-3100 ext.258

Attachment: signature.asc
Description: This is a digitally signed message part
