I would like to make a few evolving observations
about the wildcard DNS entries which Verisign
initiated in .net and .com earlier today.
1) By all reasonable interpretations, Verisign is now
operating in violation of the .com and .net Registry
Agreements. Specifically, Sect 24 of the main agreement
for .com and Sect 3.5.3, 3.5.5, and 3.6, 3.8 of the main
agreement for .net, and the rather blank Appendix X.
I believe it to be trivial to demonstrate that even
if Verisign issued an amended Appendix X, such a wildcard
entry will exceed the numerical limits specified of 5000
domains, and that the anti-competitive and code of conduct
sections will still apply and prohibit this behaviour.
2) By any reasonable interpretation this sort of change
should have been clearly announced beforehand to technical
communities that would be affected, including but not
limited to NANOG, and was not.
3) By any reasonable interpretation this sort of change
should have been clearly announced beforehand to policy
communities that would be affected, and was not.
4) By any reasonable interpretation of safe and conservative
operational procedure, when the various technical and policy
issues which were raised over the course of today were
made public, Verisign should have rolled the changes back
out and announced so until such time as at least *proper*
and extensive announcements were made, preferably until such
time as Verisign obtained technical community and policy
community approval. Verisign has not done so as of when this
email was being prepared, at least not querying A.GTLD...
5) An organization which displays this sort of behaviour
is not a reasonable candidate from an operational standpoint
to stand as the manager of any GTLD.
6) An organization which displays this sort of behaviour
is not a reasonable candidate from a legal standpoint to
stand as the manager of any GTLD.
7) An organization which displays this sort of behaviour
is not a reasonable candidate from a technical standpoint
to stand as technical manager of any GTLD or the registrar
8) An organization which displays these sorts of behaviours
clearly calls into question the operating assumptions about
fair registrar behaviour in the .com and .net registry
agreements and thus the entire validity of allowing one
company to both manage and act as a registrar for those
9) The apparent complete lack of clue on Verisign's
part as to the magnitude of the hornet's nest that
this change would kick over, and its lack of any appropriate
responses even simply better wider information releases,
calls into question the suitability of Verisign's staff
and management structure for operating the key central
10) Given items 1-9, I call upon ICANN to immediately
launch an investigation into the validity and legality
of Verisign's wildcard DNS entries; into the operational
procedures Verisign is using; into the apparent material breach
of Verisign's .com and .net management contracts; and into
the suitability of Verisign to remain the .com and .net
manager in the future and in particular the suitability
of the current Verisign management team for participation
in that key neutral operational role. I specifically
request that ICANN initiate community policy discussions
as to whether the GTLD management functions should be
required to be spun off into a separate entity from
Verisign and not sharing any ownership or management
11) Given items 1-9, I call upon the Department of Commerce
to immediately investigate whether Verisign is in material
breach of its cooperative agreements and whether Verisign
in its current form and with its current staff are suitable
to remain manager of the .com and .net GTLDs, and the same
set of questions I pose to ICANN, in such areas as DOC
is engaged in policymaking regarding Internet Domain Names.
-george william herbert