The objections to VeriSign's DNS wildcard are so numerous and varied it's hard to know where to start.
To begin with, I should think that VeriSign's obligations under the contracts which grant it the privilege of operating the root servers for the .com and .net TLDs must include technical standards of performance. Don't those provisions specify adherence to the technical standards of the DNS? Aren't the relevant RFCs cited in those contracts? I can't imagine that they have been given carte blanche to define their own technical standards and criteria for quality and performance to suit their interests. If the wildcard is active then VeriSign's DNS service should be considered broken and non-performing.
How many protocols and applications other than HTTP and the web in general are designed on the assumption that DNS will let them know when a query fails? What happens when a resolver returns the SiteFinder address to an application which assumes it's talking to a particular host and which then merrily proceeds to attempt to transact business with what amounts to an impostor?
Furthermore, not all Internet HTTP traffic comes from Joe and Jane Citizen sitting behind a monitor wandering about the web. There's plenty of specialized use of HTTP if for no other reason than it's particularly easy to set up an HTTP server for myriad unusual applications. How many of those will break?
While it's uncertain exactly what kinds of traffic will be misdirected because of this, it seems likely, at minimum, that sensitive information will end up transmitted to VeriSign's system by applications assuming they're sending it elsewhere. What protections are there for the unwitting senders of that information?
This seems like a nearly definitive conflict of interest. If a company intends to operate a search engine for profit, having the freedom to effectively re-engineer a standard Internet protocol to drive traffic to it is clearly wrong. It's equivalent to a politician wangling street improvements designed to route traffic toward a business he operates and away from competitors (as happened here a while back).
For anyone even mildly familiar with the history of the Internet and the various projects, from the old ARPANET and thereafter, this should be seen as a profound insult. While the architects of the net did explicitly intend for it to include commerce (http://www.isoc.org/internet/history/cerf.shtml), neither they nor the countless users and enterprises which came to be part of it and depend on it can accept it falling into the hands of a cartel of modern-day equivalents of the 19th-century American railroad barons. Both technically and philosophically, the Internet was designed for and as a network of autonomous entities interacting cooperatively as a community. VeriSign has become the town bully, brandishing a weapon nobody can match: its stranglehold on its root servers and the TLDs they serve.
While the right of persons or enterprises to run their own shops is sacred, there are obligations to those who depend on them. That's why we have contracts. In this case, if the letter of the contracts which govern VeriSign's operation of root servers, for some strange reason, doesn't prohibit this atrocity, the spirit certainly does.