An "anonymous reader" using almost identical language to Verisign
public statements, submitted the following to Slashdot: "After .COM and
.NET started using a wildcard, the internet community busily started creating
patches to various pieces of software to circumvent this. It was said that
this was a grave problem to the internet. Several official BIND patches
were announced over the next few days. However, it turns out they weren't
necessarily too well thought through. Usage of the patch unexpectedly
broke at least 7 Top Level Domains, ISC announced 3 weeks later, after
users started having problems. The .NAME registry has sent a formal letter
to ICANN's Security and Stability Advisory Comittee to warn against using
the BIND patch, which they will look into in their next meeting. The
intention may have been good, but... Stability? Anyone?"
NSI negotiated an agreement with ICANN overseen by the Department of
Commerce so it could keep acting as the registry and registrar for .COM
and .NET. NSI/Verisign entered into this agreement of its own free will
in order to extend its registry and registrar contracts for many years.
NSI/Verisign agreed to follow several procedural safeguards, which some
other registrar/registries like .NAME didn't.
As part of the agreement NSI/Verisign split domain name operations into
two parts. The VeriSign COM NET Registry managed the COM and NET
registry and zone files. Verisign GRS committed to fair and equitable
treatment of all ICANN registrars accreditated by ICANN. The Registry
systems are supposed to have "total separation" from other VeriSIgn
systems. Quoting their web site: "Since the establishment of the
Registry division in 1999, a primary focus of the entire staff has been
developing and maintaining effective structural and procedural measures
to provide an effective, credible separation between its Registry and
affiliated Registrar businesses."
The Registry (not the Registrar) is responsible for generating the .COM
and .NET zone files from information submitted by all accredited
registrars on an equal basis.
Assuming Verisign defends its position that wildcards in a top-level zone
don't create security or stability problems, how will the Verisign GRS
make the wildcard capability available to all ICANN acredited .COM and
.NET registrars without creating a conflict of interest? Why shouldn't
all ICANN accredited registrars be able to enter wildcards in the .COM and
.NET zone files on a equal access basis? Or is the Verisign GRS favoring
its corporate sibling by entering special information in the .COM or .NET
zone files for its sibling's benefit without offering the same capability
to all other registrars.
Registry Code of Conduct