CircleID

Keep up the good work, Steve. Don't let the paper tiger VeriSign try to bully the committee.

One point VeriSign likes to attempt to make is that the report lacked "data" to back its positions. However it was very clear from the nearly 20,000 signatures (or "conspirators", in VeriSign-speak) on the Stop VeriSign DNS Abuse petition that there was overwhelming opposition to SiteFinder. Furthermore, nearly all the correspondence and comments were negative. Not just mildly negative, either—folks were vehement in their opposition to VeriSign's abusive behaviour.

Have you tried to get VeriSign to comment? They've tried to brush aside those comments, pidgeon-holing them as unrepresentative, but I think the comments are far more persuasive than the unscientific and biased polling they had conducted (everyone knows how easy it is to get a desired result through "framing" the series of questions; one can get any desired result, as demonstrated vividly in a classic episode of Yes, Prime Minister).

Has the SSAC considered recommending to the Board that a "Consensus Policy" be enacted, to ensure with certainty that wildcards cannot be introduced, as registries must comply with consensus policies?? I'm sure it would get the supermajority required from the various constituencies of the GNSO (save for the VeriSign-dominated gTLD registries constituency).

One other thing—has there been any effort exerted by ICANN to get back the money VeriSign received from their abuse of wildcarding?

Dear Steve,

I was hoping that ICANN would establish a forum for public comments on your Report.  But this forum will do.

I represent one of the 15 other tld's (PW) that use the wildcard mechanism: the group is listed in one of the report's footnotes.

The SSAC report clearly represents a thorough investigaton and analysis of Verisign's use of the wildcard in com and net.  It certainly helps advance the understanding of the various issues involved.

But, aside from the footnote mentioned above, there is little discussion on how the other 15 tld's are using the wildcard mechanism.  I presume this is because, in fact, there was little investigation or analysis of how the other 15 tld's were using the wildcard mechanism.

I was therefore surprised to see the recommendation that use of the wildcard mechanism be phased out across in other tld's besides com and net.  This recommendation does not appear to be substantiated anywhere in the body of the report.

I realize that your recommendations are qualified ("whose contents are primarily delegations and glue and where delelgations cross organizational boundaries.."), however, most readers will fail to see this distinction. 

Instead, most readers will naturally conclude, as did an analysis distributed on the GAC list, that all use of the wildcard mechanism across the other 15 tld's should be phased out.

The implication is that use of the wildcard mechanism by these 15 tld's somehow threatens the security and stability of the internet.

Clearly this is not the case.

I suggest that recommendations regarding the other 15 tld's should be removed from the report, since these specific tld's and their uses of the wildcard mechanism were not investigated or analyzed as part of the effort.  Correct me if I am wrong about this and you can share additional analysis with us.

In its place, I would propose that a review process be established, whereby tld managers have the opportunity to explain and demonstrate how their use of the wildcard mechanism does not and would not threaten the stability of the internet.

Through this type of dialogue, there can be continued creative use of the wildcard mechanism by tld operators in conjunction with industry review to ensure security and stability is not being compromised.

This week, PW Registry opened a 30-day public comment period on its plans for the PW tld.  This includes our use of the wildcard mechanism.  We welcome any and all comments regarding our use of wildcarding as well as other policies.  These can be submitted publicly or privately.  Public comments may be made at http://forums.pwregistry.pw

Best Regards,

Thomas Barrett
Pw Registry Corp.
www.pwregistry.pw

It's interesting what this report doesn't say.

This report doesn't say that VeriSign actually breached any contracts or laws. The report criticizes VeriSign for violating certain expectations and assumptions--VeriSign violated "fundamental Internet engineering principles," "accepted codes of conduct" and "established practices," meaning that VeriSign "undermined expectations about reliable behavior." But is that all? If so, it is tantamount to saying that "we wish VeriSign hadn't done this, even though they were legally free to do so."

This report also doesn't address how end users felt about the wildcarding service. Isn't that an important inquiry? If end users like wildcarding and find it helpful, shouldn't that be considered? 

Responding to George Kirikos on his suggestion that a "Consensus Policy" be developed, our fourth recommendation concerning introduction of changes did indeed include consensus as one of the criteria.

Responding to Thomas Barrett, we've recommended use of wild cards be phased out in the TLDs that are currently using them. We recognize this is a sensitive matter and we debated it at length. We definitely do not want to cause harm or perturbation. At the same time, it became evident that using wild cards in the general way has unfortunate side effects. We separated this recommendation from our prior one that wild cards not be introduced into TLDs where they do not already exist because we recognize this situation requires separate treatment. We expect in most cases there are other ways for a TLD to accomplish its goals, and we, among others in the technical community, are available to work with you and the other TLD operators.

Responding to Eric Goldman, we specifically did not speak to the contractual issues because that's outside the scope of our committee. We are an advisory committee on security and stability matters. Contractual matters are handled by the ICANN. Our report does not imply VeriSign is legally free to do what it did, but it's not our job to speak to that issue.

With respect to how users felt about the service, we documented that a large number of users were displaced and disrupted by the change. VeriSign argued that a large number of users liked the change. That's not quite the right basis for these kinds of decisions. Equivalent service has been available for a long time through plug-ins in browsers without disturbing the underlying functionality of the domain name system. Moreover, the user can choose whether or not to use such plug-ins, whereas a change deep inside the domain name system results in an imposition on all users without their concurrence.