News coverage, Verisign etc.

In these days of corporate malfeasance scandal coverage, you'd think that
Verisign's tactics would have whetted the appetite of some bright
investigative reporter for one of the major publications.

For all that I'm critical of wildcards in TLDs -- I spoke at the
meeting yesterday, and my slides are on my Web page -- I don't think
there are any issues of malfeasance. No one has been looting
Verisign's coffers, they're not cooking the books, etc. I see three
issues: is this technically wise, did Verisign have the right to do
this under their current contract with ICANN, and should they have such
a right. I don't see anything resembling dishonesty.

    --Steve Bellovin,

Steve, I think that's a fair summary. They are being an aggressive business, and perhaps an aggressive business isn't the right steward for a TLD. In my "10,000 foot view," I tried to distinguish what the ideal should have been -- and maybe should be reflected in future contracts -- versus what did happen.

There's an old quote that applies to some extent, "Never attribute to malice what can be adequately explained by stupidity." I'm not saying the contract drafters were stupid, but they were under time pressure, couldn't foresee future operational contingencies, etc.

Nevertheless, we may have a legal situation not completely unlike the recent issues with do-not-call. When a judge ruled additional legislation was needed, it was passed and signed in what was close to an all-time record. Now, Verisign has a contract, but, if they continue to be disruptive, there are options. It is my hope that Verisign will moderate.

From "Shorter Oxford English Dictionary, Fifth Edition":

malfeasance / mal'fi:z(schwa)ns/ noun. L17.
[Anglo-Noramn malfaisance, from mal- MAL- + Old & mod. French
faisance: see FEASANcE. Cf. MISFEASANCE]
LAW. Evildoing, illegal action; an illegal act; spec. official
misconduct by a public servant.

I would argue that since Verisign took this action unilaterally in
violation of their contract to administer the REGISTRY function and
without the approval or consent of the community, this definition could
apply to their actions.

I would further argue that since Verisign declined ICANN's polite
request to cease and desist, they deliberately and willfully conducted
themselves in a manner known to be contrary to that public trust.
If that does not meet this definition, I do not know what would.



Per American Heritage Dictionary:

mal�fea�sance "Misconduct or wrongdoing, especially by a public official."

That's not the same as "dishonesty".

In any event, the problem is not that the semantics of the word are wrong in
this case, but that using the word just serves to inflame. I was particularly
heartened that yesterday's meeting was conducted in a thoroughly professional
tone, with folks offering clear and practical expressions of their views.


I see three issues: is this technically wise, did Verisign have the right
to do this under their current contract with ICANN, and should they have
such a right.

Is exactly the right way to approach this topic. (I think Howard's foray into
categorizing issues is also extremely constructive.)


Steve, et al:

There may be issues of collateral damage.

While Microsoft and Verisign battle one another
for the advertising revenue available from intercepting typographical
innocent third parties may have to repeatedly pay to modify their software.

The Verisign interception mechanism is being inserted into
the core infrastructure of the Internet, DNS. While their intent is
to capture eyeballs from Web URL typos, they inadvertently
capture all DNS typos. Thus, all protocols and services are affected.

Other protocols and services must analyze their own software
to see how it reacts to the new behavior of the DNS system.
Adversely affected protocols and services will have to make changes
to detect the Verisign scheme and compensate for it.

This will cost money.
There will be software development costs, as well as costs related to
customer support (new documentation, calls to tech support, etc.)

While the Microsoft eyeball-capture scheme affected only MS IE users,
the Verisign scheme affects everyone. When the behavior of the DNS changes,
software and user behavior will also require modification.

It has been suggested that the typo-eyeball capture revenue is quite large.

If Verisign is successful in obtaining this revenue, it will be
at the expense of Microsoft. Microsoft's revenue will decrease.

Microsoft is likely to respond. They may change the operation of
Internet Explorer to detect the Verisign system and to bypass it.
Perhaps they will bundle the fix into one of the recommended IE patches.
This will return the typo-eyeballs to Microsoft and recapture the revenue.

Verisign will then suffer a downturn in revenue, and will likely try to
To the extent that it is technologically feasible, they may make changes
to their typo-eyeball capture mechanism to once again reclaim the eyeballs,
and the revenue.
Given the estimates of the size of the "purse", they will likely try very
hard to maintain the revenue stream.

While Microsoft's changes affect only IE, which is end-system software,
Verisign's changes will affect part of the core infrastructure of the

When Verisign launches its counter-measure, it will be intended to
the detection mechanisms added to IE. Sadly, it will likely also
circumvent the
detection mechanisms added to third party protocols and services.

While the fight is between Microsoft and Verisign for the revenue from
capturing typo-eyeballs,
every time Verisign launches a new counter-measure, every protocol
and service will have to analyze the change and take appropriate action.

The typo-eyeball revenue estimates are substantial.

It is unlikely that either direct combatant will concede defeat.

Thus, there will be perpetual damage to innocent third parties.

Bob Enger

Since I was not at the meeting, just read the press accounts, I am interested in this. I got the distinct impression that, although "professional", Verisign was making an effort to keep things on a purely technical track. And then afterwards claimed that "nothing broke" since Joe User could get to www.[webpage].com.

This is not the attitude of someone trying to work through the process to a mutual resolution. It is the attitude of someone who is trying to work the process so they can claim some type of validity to their (pre-determined) decision.

As someone who was there, would you care to comment on my impression? Happy to be wrong, I certainly would love it if Verisign is actually doing "the right thing".

I would call it dishonest. An analogy might be the curator for the Louvre
walking right up to the Mona Lisa in broad daylight, taking it, selling it
for personal gain, then, when questioned by incredulous onlookers, calmly
stating that it is his property to sell.

Bold, yes, honest?