Inside ICANNWatch  
Submit Story
Lost Password
Site Messages
Top 10 Lists
Latest Comments
Search by topic

Our Mission
ICANN for Beginners
About Us
How To Use This Site
Slash Tech Info
Link to Us
Write to Us

  Useful ICANN sites  
  • ICANN itself
  • Bret Fausett's ICANN Blog
  • Internet Governance Project
  • UN Working Group on Internet Governance
  • Karl Auerbach web site
  • Müller-Maguhn home
  • UDRPinfo.com;
  • UDRPlaw.net;
  • CircleID;
  • LatinoamerICANN Project
  • ICB Tollfree News

  •   At Large Membership and Civil Society Participation in ICANN  
  • icannatlarge.com;
  • Noncommercial Users Constituency of ICANN
  • NAIS Project
  • ICANN At Large Study Committee Final Report
  • ICANN (non)Members page
  • ICANN Membership Election site

  • ICANN-Related Reading
    Browse ICANNWatch by Subject

    Ted Byfied
    - ICANN: Defending Our Precious Bodily Fluids
    - Ushering in Banality
    - ICANN! No U CANN't!
    - roving_reporter
    - DNS: A Short History and a Short Future

    David Farber
    - Overcoming ICANN (PFIR statement)

    A. Michael Froomkin
    - When We Say US™, We Mean It!
    - ICANN 2.0: Meet The New Boss
    - Habermas@ discourse.net: Toward a Critical Theory of Cyberspace
    - ICANN and Anti-Trust (with Mark Lemley)
    - Wrong Turn in Cyberspace: Using ICANN to Route Around the APA & the Constitution (html)
    - Form and Substance in Cyberspace
    - ICANN's "Uniform Dispute Resolution Policy"-- Causes and (Partial) Cures

    Milton Mueller
    - Ruling the Root
    - Success by Default: A New Profile of Domain Name Trademark Disputes under ICANN's UDRP
    - Dancing the Quango: ICANN as International Regulatory Regime
    - Goverments and Country Names: ICANN's Transformation into an Intergovernmental Regime
    - Competing DNS Roots: Creative Destruction or Just Plain Destruction?
    - Rough Justice: A Statistical Assessment of the UDRP
    - ICANN and Internet Governance

    David Post
    - Governing Cyberspace, or Where is James Madison When We Need Him?
    - The 'Unsettled Paradox': The Internet, the State, and the Consent of the Governed

    Jonathan Weinberg
    - Sitefinder and Internet Governance
    - ICANN, Internet Stability, and New Top Level Domains
    - Geeks and Greeks
    - ICANN and the Problem of Legitimacy

    Highlights of the ICANNWatch Archive
    (June 1999 - March 2001)

    Security Keith Teare's Iconoclastic Take on the SiteFinder Report
    posted by michael on Thursday July 22 2004, @05:23PM

    Keith Teare has his own, unique, take on the Sitefinder report. He says it's all wet because,
    The 63 million owned domains rarely have active support for most protocols. Most do not even have a web site using the http protocol. All that VeriSign’s SiteFinder did was to turn many more domains into the equivalent of “live domains”, in other words ones which behave like many of the 63 million domains already active. Just like real domains they became live but did not support all protocols.

    If SiteFinder breaks the Internet in any way, it certainly is the case that normal domain name practice also does this.

    I'd love to hear what the technical crowd makes of this.

      ICANNWatch Login  


    [ Don't have an account yet? Please create one. It's not required, but as a registered user you can customize the site, post comments with your name, and accumulate reputation points ("karma") that will make your comments more visible. ]

      Related Links  
    · VeriSign/NSI
    · his own, unique, take on the Sitefinder report
    · More Security stories
    · Also by michael
    This discussion has been archived. No new comments can be posted.
    Keith Teare's Iconoclastic Take on the SiteFinder Report | Log in/Create an Account | Top | 21 comments | Search Discussion
    Click this button to post a comment to this story
    The options below will change how the comments display
    Check box to change your default comment view
    The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
    by tbyfield ({tbyfield} {at} {panix.com}) on Thursday July 22 2004, @09:09PM (#14004)
    User #44 Info
    Since when does registering a domain require the registrant to support any, most, or all protocols some, most, or all of the time?
    [ Reply to This | Parent ]
    Security involves economics
    by GeorgeK on Thursday July 22 2004, @09:28PM (#14006)
    User #3191 Info | http://www.kirikos.com/
    [I saw the piece on CircleID first, so my comments are the same]

    Security isn't an absolute concept -- it's a relative one.

    I'm entirely happy with a system that would cost on the order of $6*(37)^60 per year (or more) to "break", just as I'd be happy with a $10 bicycle lock protecting a $500 bike that would cost $75,000 for an attacker to cut through. Indeed, I'd be happy to see someone go ahead and spend the money to prove Keith right. The fact that they don't proves that his point is invalid, as economics is part of the security equation. I'm sure Bruce Schneier [schneier.com] has made the same point on numerous occasions in his newsletters (that's where I'm sure I picked up the concept years ago), but it's a bit too late tonight for me to find a reference.

    SiteFinder is bad for a large number of other reasons besides security, as one can read in the almost 20,000 petition signatures at Stop VeriSign DNS Abuse [whois.sc]. One reason that's important to people like myself who are concerned about competition is that VeriSign is getting those domains for free under their dream scenario, giving it an advantage solely due to it's monopoly. That's an abuse of its monopoly, and outside of the scope of the Registry agreement. As one person had noted, it would be like the company who was contracted to clean the highways decided to earn some extra money by putting up signs along the highway too, without authorization. SiteFinder is worse, because of all the cost-shifting it causes on third parties.

    Another concern is the massive typosquatting that SiteFinder is taking advantage of, diluting the value of the PAYING domain registrants. Furthermore, because there is no WHOIS for those domains, under VeriSign's dream scenario, they'd not be liable under UDRP, etc. Since a lot of the damage is of the nature of "death by a thousand cuts" (i.e. $2/yr here, $1/yr there $0.06 yr elsewhere), the individual damage from each domain that is typosquatted on is small, but added up (on the order of 37^60), it becomes hundreds of millions of dollars worth of damage to the worldwide community (i.e. enough traffic to vault SiteFinder into the top 20 internet sites in the world is a lot of typos). The non-zero price of domain registrations prevents a lot of typosquatting, because it would become uneconomic. As any economist will tell you, a lot of bad things can and will happen if something is made "free". "Limit"-case solutions can be ugly.

    Keith is still listed on the board of directors of SnapNames [snapnames.com], which has an interest in keeping favourable relations with VeriSign, due to WLS [fightwls.com]. I remember the good old days of SnapNames and the WLS debate, when SnapNames employees were visiting my website almost everyday. I don't see many hits from them anymore, as they've really scaled back to a skeleton crew, and reduced their product offerings, as they take a beating from Pool.com, eNom, Namewinner and other competitors. RealNames was another disappointment. Join the winning team, Keith, against SiteFinder, as 3-strikes and you're out, and so far the count isn't looking too good. :)
    [ Reply to This | Parent ]
    • 1 reply beneath your current threshold.
    If the scribe record is still posted
    by Mueller ({mueller} {at} {syr.edu}) on Friday July 23 2004, @01:48AM (#14007)
    User #2901 Info | http://istweb.syr.edu/~mueller/
    ...take a look at Vint Cerf's response to Teare.
    [ Reply to This | Parent ]
    Re:Apply Keith Teare's Point to the .BIZ Contracts
    by Richard Tindal on Sunday July 25 2004, @09:18PM (#14031)
    User #4003 Info
    Actually, the usage rates for BIZ are remarkably close to that of COM. You may not think COM is a good 'role model' for usage, but I did want to provide some facts for BIZ relative to COM.

    This data comes from a recent (June/July 2004), independent study of both the BIZ and COM spaces. It was presented at last week's ICANN meeting in Malaysia.

    In BIZ, 31% of all registered names resolve to discrete, websites with actual content. In COM this is 33%. In BIZ 17% of names are re-directed to another URL (i.e. the names are used to drive traffic). In COM this is 31%. In BIZ 20% of names resolve to a 'parked' (under construction) site. In COM this is 8%. Finally, in BIZ, 32% of names don't resolve at all. In COM this is 28%.

    The key differences are that COM has a lot more re-directed names and a lot fewer parked names. We think this is due to large 'traffic generation' purchases in COM and, in the case of 'parked' names, to a number of BIZ customers who are earlier in their website development cycle.

    In the context of the threads above, the 32% of BIZ names that don't resolve are the ones purchased defensively by 'protectors' (very few of these 32% are speculative names -- the study showed less than 1% of BIZ names are actively 'for sale').

    While a 32% rate for non-resolving names is quite high, it is very common in most TLDs. The good news (for us) it that non-resolving names are declining over time as a percentage of all names.
    The proportion of names that resolve to discrete, content-filled BIZ websites increased by 52% since we did a similar study 18 months ago. The other piece of good news is that almost all sites are used for commercial activity (i.e. there are extremely few 'personal' or 'non-commercial' sites).

    Hope this is useful. Our conclusion is that BIZ is creating reasonable and increasing utility as a TLD.

    Richard Tindal
    Neulevel Registry
    [ Reply to This | Parent ]
  • 4 replies beneath your current threshold.

  • Search ICANNWatch.org:

    Privacy Policy: We will not knowingly give out your personal data -- other than identifying your postings in the way you direct by setting your configuration options -- without a court order. All logos and trademarks in this site are property of their respective owner. The comments are property of their posters, all the rest © 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008 by ICANNWatch.Org. This web site was made with Slashcode, a web portal system written in perl. Slashcode is Free Software released under the GNU/GPL license.
    You can syndicate our headlines in .rdf, .rss, or .xml. Domain registration services donated by DomainRegistry.com