Verisign vs. ICANN

Anything I/we can do to help the cause?

not at the moment. i'm not a defendant, just a named co-conspirator.

Hah? Are they also naming individually all the dns operators that installed
bind patch and specifically enabled it so that wildcards would not work?

For that matter why don't they just name entire NANOG! I remember what a
reaction there was on the list and 100% of those responding were purely
negative of Verisign wildcards.

> For that matter why don't they just name entire NANOG! I remember what a
> reaction there was on the list and 100% of those responding were purely
> negative of Verisign wildcards.

Hmm,

I remember a whole lot of really irrational and really unhelpful
replies. Granted, there were some well thought out replies sprinkled in
there, but I dunno if I want to be grouped with all of the other posters.

:-)

> ... i'm not a defendant, just a named co-conspirator.

> Hah? Are they also naming individually all the dns operators that installed
> bind patch and specifically enabled it so that wildcards would not work?

the lawsuit doesn't mention the bind patch. they seem to be upset about my
work on the ICANN Security and Stability Advisory Committee. what their
"First Amended Complaint" says about me is that:

        Paul Vixie is a Site Finder co-conspirator [...].

        Paul Vixie is an existing provider of competitive services for
        registry operations, including providing TLD domain name hosting
        services for ccTLDs and gTLDs, and a competitor of VeriSign for
        new registry operations. [...]

(y'know, i'd pay Real Money for Adobe Acrobat Professional for SuSE 9.1/amd64,
by which i could scan-convert PDF files instead of typing in stuff by hand --
my win32 laptop has more than 70 days of downtime and i'm going for 3 digits.)

verisign's official position throughout the sitefinder launch was that "users
are free to disable it if they want to." they did NOT want this characterized
as them shoving their sitefinder service down anybody's unwilling throat. so
i don't expect any action to occur against folks who installed a BIND patch.

while i'm not qualified to give myself legal advice, it looks like they're
trying to get their complaint qualified, which requires the existence of a
"conspiracy to restrain", which requires the existence of "co-conspirators."
i guess verisign needs to qualify me as a conspirator, so i have to be called
a "competitor". ain't the u.s. legal system just grand, though?

Date: 18 Jun 2004 05:58:00 +0000
From: Paul Vixie

        Paul Vixie is an existing provider of competitive services for
        registry operations, including providing TLD domain name hosting
        services for ccTLDs and gTLDs, and a competitor of VeriSign for
        new registry operations. [...]

I'm missing something. By what stretch of whose imagination does
root nameserver operations compete with a registrar?

Eddy

Date: Fri, 18 Jun 2004 16:16:07 +0000 (GMT)
From: Edward B. Dreger

I'm missing something. By what stretch of whose imagination
does root nameserver operations compete with a registrar?

Apologies for replying to my own post. I just had a [sinister]
thought: I've typed ".cmo" a few times when using a qwerty
keyboard. Does NetSol think it has some strange exclusive right
to hijack TLDs, too?

Eddy, who wonders if NetSol will "do the SCOX thing" shortly

> Paul Vixie is an existing provider of competitive services for
> registry operations, including providing TLD domain name hosting
> services for ccTLDs and gTLDs, and a competitor of VeriSign for
> new registry operations. [...]

> I'm missing something. By what stretch of whose imagination does
> root nameserver operations compete with a registrar?

i think they mean ns-ext.isc.org (or its old name, ns-ext.vix.com), which
offers "TLD hosting" without fee to about 60 domains:

   % awk '/^zone/ { print $2 }' slave_tld.zones | sed 's/"//g' | fmt
   ac ae ao bg br com.br ca cd cl cz cv gov.fj fr hn hr io il ac.il co.il
   gov.il k12.il muni.il net.il org.il in co.in ernet.in org.in ac.in
   res.in gov.in mil.in net.in firm.in gen.in ind.in is museum md na com.na
   nl np com.np edu.np org.np mil.np net.np gov.np nr biz.nr com.nr edu.nr
   gov.nr info.nr net.nr org.nr pt ro sh tm za si sk co.zw aq pn ug

if it's not that, then perhaps they're just smoking crack.

(note for TLD folks... we're trying to collect the whole set, we're missing
the last 200 or so, give us a call, tsig preferred.)

Date: 18 Jun 2004 16:44:41 +0000
From: Paul Vixie

i think they mean ns-ext.isc.org (or its old name, ns-ext.vix.com),
which offers "TLD hosting" without fee to about 60 domains:

[ snip ]

if it's not that, then perhaps they're just smoking crack.

Still a bit of a stretch. They receive money for registered
domains (and attempted to for unregistered domains) in the .COM
and .NET namespaces. If you're offering the same, you've done a
very poor job capturing market share. ;-)

Although IMHO not related due to differences in service
offerings, this reminds me of Microsoft's argument that, although
Sun and Corel had hardly any market share, they were competitors.
Has there ever been any official ruling on size requirements for
one to be considered competition?

Eddy

> if it's not that, then perhaps they're just smoking crack.

Still a bit of a stretch. They receive money for registered domains (and
attempted to for unregistered domains) in the .COM and .NET namespaces.

my employer was a bidder for .ORG, and gives away EPP software ("ISC
OpenReg"), so there's some overlap with the registry/registrar community
that verisign might be thinking of.

Date: 18 Jun 2004 17:25:08 +0000
From: Paul Vixie

my employer was a bidder for .ORG, and gives away EPP
software ("ISC OpenReg"), so there's some overlap with the
registry/registrar community that verisign might be thinking
of.

I don't know about OpenReg, and can't comment on it. Bidding for
.ORG still doesn't make sense -- if my employer makes a bid for
Ford, which doesn't go through, are we suddenly competing with
GM? (No, we don't make cars.)

Eddy

Um, unless I really missed something during this whole episode, that
was the only way TO disable it.

Have the roots recurse and put a wildcard in for anything that does not resolve.

Makes Paul a ... well, not a competitor, 'cause that would imply they were in competition. If the roots put in the wild card, the GTLDs cannot compete.

Patrick W Gilmore wrote:

<SNIP>
> Um, unless I really missed something during this whole episode, that
> was the only way TO disable it.

Have the roots recurse and put a wildcard in for anything that does not
resolve.

Makes Paul a ... well, not a competitor, 'cause that would imply they
were in competition. If the roots put in the wild card, the GTLDs
cannot compete.

Geee, we block sitefinder's ip both inbound and outbound at our border router...

I wonder what that makes us? A competitor? A conspirator? A saboteur? ???

Jon Kibler

It is amazing that one person Paul Vixie could be so
intimidating that he must be intimidated and maligned
as a conspirator in order to eliminate him as a
potential threat because of his knowledge.....

I find that pretty ironic that a billion dollar
corporation is that weak.

-Henry

Didn't Verisign sell off the Registrar stuff, thus making OpenReg not
a competitor?

Owen

i've watched (or maybe helped) a thread susan didn't like morph into a
different thread that susan's probably not liking much either. hit D now.

oh well, i warned you.

ariel@fireball.tau.ac.il (Ariel Biener) writes:

...
This, in my own humble opinion, climbs slowly but surely to the levels of
being ridiculous. Paul did exactly what any good vendor would do. If many
customers or users asked for a feature, the vendor would issue the
feature. It is the administrators choice to use the feature. As such, it
is not the vendors fault in any way.

verisign's first amended complaint (now reachable at www.icann.org, i'm told)
does not mention BIND or patches to BIND at all. but For The Record, it was
not simply end-user demand that drove "the wildcard patch". end-users have
often asked for things that were protocol violations and been told "no" --
for example, the alternate root whackos with their "multiple root patches".
of course BIND is very free as software goes -- it's not GPL'd or anything --
so it's perfectly forkable as codebases go. ISC cherishes its relevance,
and the thing that caused "the wildcard patch" to be published was the very
real threat by several very credible people to fork BIND unless there was
an official patch "Real Soon Now". THAT is why there was a "wildcard patch."

patrick@ianai.net (Patrick W Gilmore) writes:

...
Have the roots recurse and put a wildcard in for anything that does not
resolve.

Makes Paul a ... well, not a competitor, 'cause that would imply they
were in competition. If the roots put in the wild card, the GTLDs
cannot compete.

i have absolutely no influence over the content of the root zone. i can't
even get an AAAA RR added for the glue NS used by 50 or 60 TLD's. but if i
had any influence over the root zone, i would use it to prevent a wildcard
from ever being added. (i like my nxdomains straight up, no ice, no soda.)

hrlinneweh@sbcglobal.net (Henry Linneweh) writes:

...
It is amazing that one person Paul Vixie could be so intimidating that he
must be intimidated and maligned as a conspirator in order to eliminate
him as a potential threat because of his knowledge.....

i'm not sure verisign cares whether they intimidate me or not. they just
need to prove that a conspiracy is restraining competition, in order to
prevent their complaint against icann from being dismissed. which means
they had to declare that somebody was a co-conspirator, and i was available.
this is not about me at all, other than by proximity -- it's about icann.

(read it only today, so sorry if I repeat something).

The technical roots of the problem are: the proposed service VIOLATES the
internet specification (which is 100% clean - if a name does not exist, the
resolver must receive a negative response). So, technically, there is not any
ground for SiteFinder - vice versa, now you can add client-level search
SiteFinder (MS did it, and it took LOONG to turn off their dumb 'search'
redirect) so allowing competition between ISPs, browsers and so on.

Anyway, please - those who know the history and can read this 'official'
English (little bored) - I am sure that we can find many inconsistencies in
the filing; it may be reasonable to provide a set of independent _technical_
reviews, showing that ICANN plays the role of a technical authority, just not
allowing protocols to be violated. For the second case (waiting lists), it is
not a technical issue, but it is an anti-competitive attempt from Verisign as
well. I can ask my Russian folks to review it as well (Dr. Platonov, Dimitry
Burkov) but I am not sure if it is of any use... Anyway, a good review,
explaining the history and revealing the real ICANN role, should be done.

If VeriSign wishes to deploy services, they must put through a new RFC first.

PS. I am excited - Vixie as a co-conspirator... Vixie, you can be proud -:).

Alexei Roudnev

> Date: 18 Jun 2004 05:58:00 +0000
> From: Paul Vixie
>
> Paul Vixie is an existing provider of competitive services for
> registry operations, including providing TLD domain name hosting
> services for ccTLDs and gTLDs, and a competitor of VeriSign for

Hi Alexei,
I do not believe there is any technical spec prohibiting this, in fact that DNS
can use a wildcard at any level is what enables the facility. I think this is a
non-technical argument.. altho it was demonstrated that owing to the age and
status of the com/net zones a number of systems are now in operation which make
assumptions about the response in the event of the domain not existing...

Steve

Hmm; this is a technical argument. If you request the bookk.com domain, and
such a domain does not exist, you must know it.
If you wish to get a 'best match', you can program the client to ask something
like

  bookk.com-search

or

  bookk.com-search.microsoft.com

or

  bookk.com-search-in-russian.relcom.net

(additional service).

Notice that the unwanted service (search in Verisign) violates ALL these cases,
making flexible, competitive processing of such requests impossible.

Just again - DNS design, by RFC, does not include someone who thinks for you
and guesses exactly which name you are requesting. I request 'A for
bookk.com', the answer may be 'This is it' or 'NOT, DO NOT EXISTS' only.

So, this is not political - this is technical; Verisign wishes to violate
the Internet, ICANN refuses to allow it, Verisign gets angry and pays for
shameless lawyers (no one lawyer can be shameful).

Other items from this lawsuit may have another classification (I did not
investigate), but for the 'name guess' service, it is 100% clean - this is a
violation. The Internet is based on numerous compromises (such as TCP slow
start) and numerous rules (such as DNS resolver, MTU size, AS path propagation
and so on) and it is very unwise to allow a commercial company to violate any
rule without overall agreement.

The best solution, btw, could be to dismiss Verisign as the .COM registry -
they were granted permission to register, violated rules, so what.. no
permission anymore. Unfortunately, this is too unrealistic for political
reasons. ICANN is not obligated to grant this permission to Verisign
specifically.
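
The "either this is it, or it does not exist" behaviour argued for in the post above can be checked for and restored on the client side. The following is an added example, not part of the original thread: the zone `example`, the names under it, the addresses and all helper functions are constructed for illustration, and an in-memory lookup stands in for a real resolver.

```python
import secrets

# Constructed data: one registered name in the reserved zone "example", and a
# documentation-range address standing in for a registry's wildcard landing host.
REGISTERED = {"book.example": ["198.51.100.7"]}
WILDCARD_ANSWER = ["192.0.2.10"]


def make_resolver(wildcard_enabled):
    """Build lookup(name) -> list of A records, or None for NXDOMAIN."""
    def lookup(name):
        if name in REGISTERED:
            return list(REGISTERED[name])
        # With a zone wildcard, every unregistered name gets a positive answer.
        return list(WILDCARD_ANSWER) if wildcard_enabled else None
    return lookup


def detect_wildcard(lookup, zone, probes=3):
    """Return the synthesized address set if the zone answers for random,
    almost certainly unregistered labels; return None if it does not."""
    seen = set()
    for _ in range(probes):
        answer = lookup(f"{secrets.token_hex(16)}.{zone}")
        if answer is None:
            return None  # a real NXDOMAIN: no wildcard in effect
        seen.add(frozenset(answer))
    # Differing answers per probe are not treated as one wildcard target.
    return seen.pop() if len(seen) == 1 else None


def strict_lookup(lookup, name, zone):
    """Map an answer equal to the zone's synthesized answer back to None.
    Caveat: a registered name hosted on the wildcard address is also hidden."""
    answer = lookup(name)
    synthesized = detect_wildcard(lookup, zone)
    if answer is not None and synthesized == frozenset(answer):
        return None
    return answer


if __name__ == "__main__":
    for enabled in (False, True):
        resolve = make_resolver(enabled)
        print("wildcard in zone:", enabled)
        for name in ("book.example", "bookk.example"):
            print(" ", name, resolve(name), "->", strict_lookup(resolve, name, "example"))
```
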
