Inside ICANNWatch  
Submit Story
Lost Password
Site Messages
Top 10 Lists
Latest Comments
Search by topic

Our Mission
ICANN for Beginners
About Us
How To Use This Site
Slash Tech Info
Link to Us
Write to Us

  Useful ICANN sites  
  • ICANN itself
  • Bret Fausett's ICANN Blog
  • Internet Governance Project
  • UN Working Group on Internet Governance
  • Karl Auerbach web site
  • Müller-Maguhn home
  • UDRPinfo.com;
  • UDRPlaw.net;
  • CircleID;
  • LatinoamerICANN Project
  • ICB Tollfree News

  •   At Large Membership and Civil Society Participation in ICANN  
  • icannatlarge.com;
  • Noncommercial Users Constituency of ICANN
  • NAIS Project
  • ICANN At Large Study Committee Final Report
  • ICANN (non)Members page
  • ICANN Membership Election site

  • ICANN-Related Reading
    Browse ICANNWatch by Subject

    Ted Byfied
    - ICANN: Defending Our Precious Bodily Fluids
    - Ushering in Banality
    - ICANN! No U CANN't!
    - roving_reporter
    - DNS: A Short History and a Short Future

    David Farber
    - Overcoming ICANN (PFIR statement)

    A. Michael Froomkin
    - When We Say US™, We Mean It!
    - ICANN 2.0: Meet The New Boss
    - Habermas@ discourse.net: Toward a Critical Theory of Cyberspace
    - ICANN and Anti-Trust (with Mark Lemley)
    - Wrong Turn in Cyberspace: Using ICANN to Route Around the APA & the Constitution (html)
    - Form and Substance in Cyberspace
    - ICANN's "Uniform Dispute Resolution Policy"-- Causes and (Partial) Cures

    Milton Mueller
    - Ruling the Root
    - Success by Default: A New Profile of Domain Name Trademark Disputes under ICANN's UDRP
    - Dancing the Quango: ICANN as International Regulatory Regime
    - Goverments and Country Names: ICANN's Transformation into an Intergovernmental Regime
    - Competing DNS Roots: Creative Destruction or Just Plain Destruction?
    - Rough Justice: A Statistical Assessment of the UDRP
    - ICANN and Internet Governance

    David Post
    - Governing Cyberspace, or Where is James Madison When We Need Him?
    - The 'Unsettled Paradox': The Internet, the State, and the Consent of the Governed

    Jonathan Weinberg
    - Sitefinder and Internet Governance
    - ICANN, Internet Stability, and New Top Level Domains
    - Geeks and Greeks
    - ICANN and the Problem of Legitimacy

    Highlights of the ICANNWatch Archive
    (June 1999 - March 2001)

    Verisign/NSI Reactions to Sclavos Interview
    posted by michael on Friday October 17 2003, @09:52AM

    We got some reactions to the News.com interview with VeriSign CEO Stratton Sclavos. Here's a couple of them.

    NetWizard got excited by this quote:
    Still, a lot of people in the Internet community were quite surprised by Site Finder--and then you had complaints surfacing that it was not complying to approved standards.
    and wrote in, "The second claim, that we brought it out without testing--Site Finder had been operational since March or April, and we had been testing it with individual companies and with the DNS traffic at large. Ninety-nine percent of the traffic is pure HTTP (Hypertext Transport Protocol), and so it handles it the way it should. Just so you know, our customer service lines went from 800 or 900 calls on the first day to almost zero right now. For every customer who had a Site Finder issue, the remediation took less than 12 hours.

    First of all, 90% of traffic is HTTP yet many email and spam systems where broken due to a non-compliant SMTP server, hmm... And second, it took more than 12 hours to replace the server with a compliant one, it actually took several days. Note the phrase "For every customer" which seems not to include the regular Internet folks and us at the IRTF."

    Rick F writes "One interesting tidbit: in talking about root server DDOS vulnerabilities, Sclavos says "The reason the root server problem was a big one was because they were attacking the underbelly of the addressing system. Yes, we could have lived 24 to 48 hours. You could say that in that time, we can fix anything--but maybe not. Microsoft was down for four days with a much simpler denial-of-service attack."

    Two brief comments on that: If VRSN can't deploy alternate root servers within 48 hours or less, or if it doesn't have alternate/backup root server ips already in the master zone file, they shouldn't be in the root-server operations business - that's just common sense and a function of the third principle of effective network security (availability). Second, Microsoft's outage was because some network engineer in Redmond parked all their DNS boxes behind the same router on the same piece of cable. Had their DNS servers been distributed across the net, those 4 days would have been a non-event. Stratton's mixing apples-and-oranges by using MS' outage as an example. That had nothing to do with rootservers and everything to do with human stupidity.

    Interestingly, Sclavos does the FUD-furthering Chicken Little thing - "We sure as hell don't need the digital equivalent of 9/11 to convince us we need to have a better digital infrastructure." So we can add him to our list of Internet fear-mongerers."

      ICANNWatch Login  


    [ Don't have an account yet? Please create one. It's not required, but as a registered user you can customize the site, post comments with your name, and accumulate reputation points ("karma") that will make your comments more visible. ]

      Related Links  
    · VeriSign/NSI
    · NetWizard
    · Rick F
    · News.com interview with VeriSign CEO Stratton Sclavos
    · More Verisign/NSI stories
    · Also by michael
    This discussion has been archived. No new comments can be posted.
    Reactions to Sclavos Interview | Log in/Create an Account | Top | 5 comments | Search Discussion
    Click this button to post a comment to this story
    The options below will change how the comments display
    Check box to change your default comment view
    The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
    Competition, eh?
    by cambler (chris@ambler.net) on Friday October 17 2003, @12:54PM (#12495)
    User #36 Info | http://onthenet.ambler.net/
    From the interview...
    Four years later, things are very much changed. Domain names have been flat for the longest time. If I were in ICANN's shoes, I'd want to put forth a charter of promoting innovation, stability and competition. It was really designed to promote competition, and frankly, it did it haphazardly, because it was in such a rush.

    I couldn't agree more. How about we start with real competition for .com? Stratton? Can I count on you to give some public support for IOD's .Web registry now?



    Ambler On The Net [ambler.net]

    [ Reply to This | Parent ]
    Fear Mongering?
    by ldg on Saturday October 18 2003, @12:01PM (#12502)
    User #2935 Info | http://example.com/
    Interestingly, Sclavos does the FUD-furthering Chicken Little thing - "We sure as hell don't need the digital equivalent of 9/11 to convince us we need to have a better digital infrastructure." So we can add him to our list of Internet fear-mongerers."

    The net isn't going down even if all the USG root servers disappear. There are plenty of root servers out there with public DNS servers that anyone can use. There are also untold numbers of caching servers that will continue to function regardless of whether the 13 servers in USG root server system are functioning.

    That is not my fear. I am more afraid of the types of "innoovations" contemplated by Verisign and those of the same ilk. Tampering with the core protocols that the net relies upon is a road map for instability. That's the issue, not whether the root itself is unstable. It really isn't. The management may be unstable if it allows the core to be tampered with.

    I can see VGRS taking control of the root and using wildcards for all TLDs, redirecting errors to their own servers or ICANN's. Talk about screwing up the entire world; that would do it nicely.

    VGRS inherited a contract to operate a registry as a public trust. That contract did not suggest that the operator could change the rules by which it is governed. It is not supposed to alter the way the DNS works and it rakes in $6 per registration or renewal. NSI was allowed to charge for registrations because they needed to recover costs. This is how the registry should be run, with a small profit margin to boot. VGRS now considers .com to be their own and further thinks they can make any changes they wish regardless of what - in their own words - "minor inconveniences" they may cause to others. They want to raise their bottom line and don't give a darn who it hurts. The cash cow they thought they had is no longer so robust, but they are stuck with it.

    Well, that's horse puckey. Dot-com is not the property of VGRS and never was. It was simply a contract to operate it. It is still "owned" by the USG and I hope it remains so. It is now very apparent that VGRS has no interest in the public, but just its bottom line. That's fine for the registrar, but not this registry. Mess with the registry for the largest domain in the world and you mess with all of us who rely upon it to operate the way it always has.

    It's time to find a new operator and show VGRS that it cannot take what does not belong to them and cannot abuse the trust that went with the contract. It is not there for VGRS to abuse it - or us.

    As for new registries, for profit or not, none of them should be using wildcards, but if they do from the outset, people at least know what they are buying into and DNS operators can block errnoenous errors based on standards. That's a choice to be made at the edges, not the core. If a registry chooses to use non-standard methods, they need to be prepared to not be accepted.

    ICANN should have known better than to accept registries that use wildcards rather than delegation. Instead they opted to allow their contracted registries to circumvent known practices and standards. What did it achieve? Chaos.

    [ Reply to This | Parent ]

    Search ICANNWatch.org:

    Privacy Policy: We will not knowingly give out your personal data -- other than identifying your postings in the way you direct by setting your configuration options -- without a court order. All logos and trademarks in this site are property of their respective owner. The comments are property of their posters, all the rest © 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008 by ICANNWatch.Org. This web site was made with Slashcode, a web portal system written in perl. Slashcode is Free Software released under the GNU/GPL license.
    You can syndicate our headlines in .rdf, .rss, or .xml. Domain registration services donated by DomainRegistry.com