On Thu, 18 Sep 2003, Keith Moore wrote:
this breaks anything that assumes (quite reasonably)
that query to a a nonexistent domain will return NXDOMAIN.
That an invalid assumption to make. It was not made quite reasonably,
but rather was made quite irrationally. In many or most cases, it was
]
Subject: Re: [Fwd: [Asrg] Verisign: All Your Misspelling Are Belong To
Us]
At 2:14 PM +0200 9/18/03, Francis Dupont wrote:
= IMHO it should reject SMTP connection from the beginning with the
521 greeting described in RFC 1846...
People are unhappy about VeriSign breaking the rules. But here you
Yakov Shafranovich writes:
Just to follow up on this - I just spoke to an engineer at Verisign
and he informed me that the SMTP daemon is being replaced in a few
hours with an RFC-compliant one. As for not giving a warning - this
came from a higher policy level at Verisign and he is just an
In your previous mail you wrote:
People, have you been reading the posts? The stubby SMTP daemon is not
an SMTP server, it is simply a program that returns the following set of
responses TO ANYTHING THAT IS PASSED TO IT.
= IMHO it should reject SMTP connection from the beginning
At 2:14 PM +0200 9/18/03, Francis Dupont wrote:
= IMHO it should reject SMTP connection from the beginning with
the 521 greeting described in RFC 1846...
People are unhappy about VeriSign breaking the rules. But here you
are proposing that they follow an *experimental* RFC whose rules were
not
On Thu, 18 Sep 2003 09:22:15 -0700
Paul Hoffman / IMC [EMAIL PROTECTED] wrote:
At 2:14 PM +0200 9/18/03, Francis Dupont wrote:
= IMHO it should reject SMTP connection from the beginning with
the 521 greeting described in RFC 1846...
People are unhappy about VeriSign breaking the rules. But
PROTECTED] On Behalf Of Paul
Vixie
Sent: Tuesday, September 16, 2003 7:33 PM
To: [EMAIL PROTECTED]
Subject: Re: [Fwd: [Asrg] Verisign: All Your Misspelling Are Belong To
Us]
It is worth noting that if we are to pass judgement against Verisign
there are at least half-dozen other TLDs that blazed
Bill
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Paul
Vixie
Sent: Tuesday, September 16, 2003 7:33 PM
To: [EMAIL PROTECTED]
Subject: Re: [Fwd: [Asrg] Verisign: All Your Misspelling Are Belong To
Us]
It is worth noting that if we
Paul Vixie [EMAIL PROTECTED] writes:
By the way, what about .museum?
.museum does not delegate all of its subdomains.
not all tld's are delegation-only.
I know. I have to admit that (as someone who grew up under .de) I
would never have thought of the delegation-only approach. 8-)
Carl;
http://www.isc.org/products/BIND/delegation-only.html
As I just post to DNSOP WG ML (detailed discussion should be done
there), it is not an effective protection against synthesised (from
wildcared NS, in this case) NS and synthesised (from scratch) child
zone contents.
A protection is
Because noone can stop them doing it, apparently...
On Tue, Sep 16, 2003 at 12:43:35AM -0400, Keith Moore wrote:
so now verisign is deliberately misrepresenting DNS results.
why are these people allowed to live?
Today VeriSign is adding a wildcard A record to the .com and .net
zones.
This is, as already noted, very dangerous. We in the IETF must work to
put a stop to this attempt to turn the DNS into a directory service,
and quickly. I suggest the following courses of action, to be taken
in parallel
Zefram [EMAIL PROTECTED] writes:
1. Via ICANN, instruct Verisign to remove the wildcard.
By the way, what about .museum?
On Tue, 16 Sep 2003, Zefram wrote:
... I suggest the following courses of action, to be taken
in parallel and immediately:
1. Via ICANN, instruct Verisign to remove the wildcard.
It isn't clear that this power is vested in ICANN. There is a complicated
arrangement of Cooperative
On dinsdag, sep 16, 2003, at 12:25 Europe/Amsterdam, Karl Auerbach
wrote:
1. Via ICANN, instruct Verisign to remove the wildcard.
It isn't clear that this power is vested in ICANN. There is a
complicated
arrangement of Cooperative Agreements, MOUs, CRADAs, and Purchase
Orders
that exist
By-the-way, Neulevel (.us and .biz) did an experiment along these
lines
back in May of this year. It was short lived. At the time I thought
it
was a bad thing, and I still do. And at the time I wrote and sent to
the
ICANN board an evaluation of the risks of that experiment.
.nu have been
Is it any worse than IE taking you to msn search when a domain doesn't
resolve? Or worse than Mozilla taking you to Netscape, duplicating a
Google search, and opening a sidebar (and a netscape search) you didn't
want?
I think it isn't.
And people shouldn't be using Reverse DNS for spam checks,
Dean Anderson wrote:
Is it any worse than IE taking you to msn search when a domain doesn't
resolve? Or worse than Mozilla taking you to Netscape, duplicating a
Google search, and opening a sidebar (and a netscape search) you didn't
want?
Yes, it is worse. Much worse. There is a fundamental
Is it any worse than IE taking you to msn search when a domain doesn't
resolve?
yes. if an app that interfaces to humans masks the difference between an
invalid domain and a valid one, it only affects people who use that particluar
app. however for other apps the difference between an
: [Fwd: [Asrg] Verisign: All Your Misspelling Are Belong To
Us]
Dean Anderson wrote:
Is it any worse than IE taking you to msn search when a domain
doesn't
resolve? Or worse than Mozilla taking you to Netscape, duplicating
a
Google search, and opening a sidebar (and a netscape search) you
On Tue, 16 Sep 2003 09:24:27 EDT, Keith Moore said:
verisign is masking the difference between a valid domain and NXDOMAIN for
all protocols, all users, and all software.
Out of curiosity, where did Verisign get the right to have the advertising monopoly
for all the eyeballs they'll attract
Valdis writes:
Out of curiosity, where did Verisign get the right
to have the advertising monopoly for all the eyeballs
they'll attract with this?
They didn't.
And there's even a way for individuals to stop it: Type an incorrect
spelling for a famous trademark. When Verisign puts up its
From: [EMAIL PROTECTED]
Out of curiosity, where did Verisign get the right to have the advertising monopoly
for all the eyeballs they'll attract with this?
What eyeballs? I doubt I'm among the first 1,000,000 people to adjust
junk pop-op or other defenses to treat sitefinder.verisign.com
On Tue, 16 Sep 2003, Keith Moore wrote:
their mistake is in assuming that they can respond appropriately for
all ports - particularly when the association of applications with
known ports is only advisory, and many ports are open for arbitrary
use.
Agreed but this is overstating
On Tue, 16 Sep 2003, Bill Sommerfeld wrote:
IMHO it was irresponsible of them to do this without several months
advance notice to allow authors of automated systems which depended
on NXDOMAIN queries to notice this and without a stable documented
way to reconstitute the NXDOMAIN
James M Galvin wrote:
On Tue, 16 Sep 2003, Keith Moore wrote:
verisign is masking the difference between a valid domain and
NXDOMAIN for all protocols, all users, and all software.
If you read the Verisign documentation (which is quite excellent by the
way) on what they did and what they
their mistake is in assuming that they can respond appropriately
for all ports - particularly when the association of applications
with known ports is only advisory, and many ports are open for
arbitrary use.
Agreed but this is overstating the issue since interoperability
Just to follow up on this - I just spoke to an engineer at Verisign and
he informed me that the SMTP daemon is being replaced in a few hours
with an RFC-compliant one. As for not giving a warning - this came from
a higher policy level at Verisign and he is just an engineer.
Yakov
Yakov
On Tue, 16 Sep 2003, Keith Moore wrote:
their mistake is in assuming that they can respond appropriately
for all ports - particularly when the association of applications
with known ports is only advisory, and many ports are open for
arbitrary use.
From: James M Galvin [EMAIL PROTECTED]
...
Correct me if I'm wrong, the principle disruption -- and I want to
emphasize disruption here -- I've seen is that a particular spam
indicator no longer works as expected. Is there more to this than that?
...
The list I've seen is:
- failing to
On Tue, 16 Sep 2003 15:19:47 EDT, James M Galvin said:
But what exactly is the screw here?
Verisign was (as far as I knew) given *stewardship* of the .com and .net zones
as a public trust. I don't see anywhere they were given the right to use their
stewardship to try to make money selling typo
Jim writes:
Correct me if I'm wrong, the principle disruption -- and I want to
emphasize disruption here -- I've seen is that a particular spam
indicator no longer works as expected. Is there more to this than that?
You could make many random DNS requests of a DNS server and flush the cache,
only the app (not the entire network) needs to know which port to
use, and this doesn't require that every port be assigned to a
specific app.
You can't have it both ways. Either the app is so widespread that the
port in use is at least a de facto standard or it is a de jure
By the way, what about .museum?
.museum does not delegate all of its subdomains.
not all tld's are delegation-only.
--
Paul Vixie
On Tue, 16 Sep 2003 [EMAIL PROTECTED] wrote:
But what exactly is the screw here?
Verisign was (as far as I knew) given *stewardship* of the .com and
.net zones as a public trust. I don't see anywhere they were given
the right to use their stewardship to try to make money
On Tue, 16 Sep 2003, Vernon Schryver wrote:
From: James M Galvin [EMAIL PROTECTED]
...
Correct me if I'm wrong, the principle disruption -- and I want to
emphasize disruption here -- I've seen is that a particular spam
indicator no longer works as expected. Is there more to this
An excellent question! But that is a discussion that belongs with
ICANN, not the IETF.
Jim
Jim,
that would be true if the ICANN were functioning and this event is just
proof that the ICANN does not function.
the mission of ICANN (my paraphrase) is Technical Administration of
Internet
So the question boils down to: Are they owners of .com, or merely
caretakers?
An excellent question! But that is a discussion that belongs with
ICANN, not the IETF.
Nearly my reaction as well. Note, using the concept of ownership
has/will get quite some
interesting point. if we created a new gTLD and announced that it would be
wildcarded from day one, it wouldn't be used in the same way as the other
gTLDs.
then again, do we really want different ways of reporting errors for
different zones in the DNS? would apps then want to special-case
% Blech.
%
% If it's Tuesday, this must be .belgium?
%
% A non-starter. *MAYBE* if it were a different RR with different semantics.
This may be exactly what we get w/ a patch from ISC.
If BIND is offically tweeked so that some zone cuts are
allowed to exercise legal
% On Wed, 17 Sep 2003 00:00:14 EDT, Keith Moore said:
%
% then again, do we really want different ways of reporting errors for
% different zones in the DNS? would apps then want to special-case
% certain zones to interpret their results differently than the others?
%
% Blech.
%
% If it's
I am forwarding this message from the ASRG list. If you haven't heard it
yet, Verisign has activated their typos DNS service for .COM and .NET.
Original Message
Subject: [Asrg] Verisign: All Your Misspelling Are Belong To Us
Date: Tue, 16 Sep 2003 03:10:52 +0200
From: Brad
This is outrageous, both in breaking DNS, and in abusing monopoly
power.
Other references:
http://gnso.icann.org/mailing-lists/archives/ga/msg00311.html
http://www.icann.org/correspondence/lynn-message-to-iab-06jan03.htm
http://www.merit.edu/mail.archives/nanog/2003-01/msg00050.html
What
so now verisign is deliberately misrepresenting DNS results.
why are these people allowed to live?
44 matches
Mail list logo
