[wildcard-comments] Increased security problems with verisigns wildcard records
The fact that this affects all current and future internet applications and not just the WWW makes this a very bad decision. My main concern is privacy and leaked information issues. More chances for someone sending semi-private information to verisign instead of their intended party where normally they would get a dns error. How would you like to design an application and have an error in it that sent information to a mispelled domain name. For an example, quake3 uses UDP packets to send authorization information to ID software's servers. In that auth information is the users serial key. I would feel very uncomfortable knowing that some(not ISP) company could potentially get information they were not supposed to get if the developers mistyped a domain. You could argue that if they mispell it and the mispelling happens to exist the information could go to another company too, but the majority of mispellings do not have a domain(as sitefinder has *graciously* giving us numbers of ~52 million people were forced to use sitefinder because of mispellings). Verisign is trying to manipulate DNS into a WWW service when DNS has far more uses than just for WWW. Who knows what will be a popular service in 10 - 20 years from now. I only wish I had the money to bring them to court for the privacy issues alone with this service. I am just a lone developer / sys admin and verisign has made it clear(since they plan to reinstate the service despite the huge amount of tech people begging them not to) that the tech people that helped create and shape the internet do not know what is best for the internet as a whole. I can only hope that ICANN can help verisign understand that DNS is bigger than just WWW use and that verisign has no right to change something as fundamental as an NXDOMAIN to resolve to their servers. -- Adam Gibson <agibson@xxxxxxx> Internet System Admin Pro Tech Monitoring, Inc. 727 484-3100 ext.258 Attachment:
signature.asc |