[FUGSPBR] off - verisign

Marcus Voloch bsd2 at voloch.net
Sat Sep 20 08:27:29 BRT 2003


Folks, completely off-topic, but read (it's in English) what Verisign is
doing. This really pissed me off.

To give you an idea, type

ping kegjitrjgieftykjfnvskrepfwkperkferohjtgityjhoijewpfokw.com and see what
you get

or open your browser and type a nonexistent address (.com or .net) and see
where you end up...

---------------
VeriSign redirects error pages
Last modified: September 16, 2003, 3:31 PM PDT
By Declan McCullagh
Staff Writer, CNET News.com


Criticism is quickly growing over VeriSign's surprise decision to take
control of all unassigned .com and .net domain names, a move that has
wreaked havoc on many e-mail utilities and antispam filters.

On Monday, VeriSign began to redirect domain lookups for misspelled or
nonexistent names to its own site, a process that has confused Internet
e-mail utilities and drawn angry denunciations of the company's business
practices from frustrated network administrators. The Mountain View,
Calif.-based company enjoys a government-granted monopoly as the master
database administrator for .com and .net.

VeriSign's new policy is intended to generate more advertising revenue from
additional visitors to its network of Web sites. But the change has had the
side effect of rewiring a portion of the Internet that software designers
always had expected to behave a certain way, snarling antispam mechanisms
that check to see if the sender's domain exists, complicating the analysis
of network problems, and possibly even polluting search engine results.

A representative for VeriSign did not respond to a request for comment
Tuesday. On Monday, VeriSign released an eight-page paper describing the
implementation of its "Site Finder" program, saying it "improves the user
Web-browsing experience when the user has submitted a query for a
nonexistent second-level domain in the .com and .net second-level
domains...(Previously) his or her Web browser returned an error message that
contained no useful information."

In an unusual kind of grassroots movement, some network administrators have
begun to invent and launch technical countermeasures against VeriSign. A
discussion thread on the North American Network Operators' Group mailing
list was titled "What *are* they smoking?" and offered technical tips on how
to configure routers and servers to block access to VeriSign's site, so Web
users would receive the traditional "nonexistent domain" error message.

"There are already modifications to BIND software to take responses that
contain that VeriSign address and turn it into a nonexistent domain error,"
Karl Auerbach, a veteran Internet engineer and former board member of the
Internet Corporation for Assigned Names and Numbers (ICANN), said about the
standard utility used for domain name lookups. "There are also several
Internet service provider-type people dealing with routing information who
are already talking about blocking (the VeriSign site). I believe some
have."

VeriSign is not the first domain-name company to try to profit from typos
and errors, but because .com and .net represent such a huge percentage of
Internet names, its decisions have the most profound impact. Some of the
other top-level domains that have adopted a similar policy include .cc,
.museum, .nu, .ph, .tm and .ws. Microsoft's Internet Explorer also returns a
similar error message and search box, but because the redirection is
performed by the end user's computer, the effect is limited.

The antispam foil

Yakov Shafranovich, co-chair of the Anti-Spam Research Group organized under
the Internet Research Task Force, said some spam blockers are being thrown
for a loop, because the computer that VeriSign uses to respond to misspelled
or nonexistent domains is misconfigured. The VeriSign software--named the
"Snubby Mail Rejector Daemon v1.3"--does not follow Internet standards,
Shafranovich said. He also warned the VeriSign change was creating
problems--for example, leading some older versions of SpamAssassin to view
the entire Internet as a source of spam.

"Some of the antispam tools in our group broke because of this,"
Shafranovich said. "They put up an SMTP server, but it's not a real SMTP
server."

One post to an Internet Engineering Task Force mailing list quipped: "This
certainly qualifies as 'most broken SMTP implementation ever.' Will the
protocol police please send out a squad car to pick up the suspects?" SMTP
stands for the Simple Mail Transport Protocol, the Internet's workhorse
standard.

VeriSign's decision, which was done without consulting the Internet
standards groups, came just a few days after the U.S. Federal Trade
Commission accused the company of deceptive business practices for sending
"domain name expiration notices" to competitors' customers in early 2002.
Neither ICANN, which in principle oversees VeriSign's actions as the domain
name registrar, nor the U.S. Department of Commerce, which has a contract
with VeriSign, responded to requests for comment.

An ICANN representative said, "We have no comment at this time, but I hope
that we'll have something over the next few days."

A representative for the Commerce Department referred questions to ICANN and
VeriSign. The government's contract says VeriSign "shall take all reasonable
steps to ensure the continued...functionality and accessibility" of the
domain name registration system.

Auerbach said he strongly dislikes VeriSign's new policy, but he admits:
"ICANN and the Department of Commerce can't clearly say that (VeriSign is)
violating Internet standards. It's impossible for Internet standards to
enumerate all the dumb things you can do."

Critics say VeriSign's move evokes privacy and national security
implications as well. Because passwords sometimes are included after the
hostname in Web links, a misspelled domain name could transmit sensitive
information to the company. Also, because of the way network providers cache
domain name queries, VeriSign's policy means that it will take longer for
new domains to propagate--something that could be a problem if a Web site is
launched to deliver emergency information about an earthquake or a terrorist
attack, for example.

Earlier this year, VeriSign was dealt a harsh rebuke in a similar matter by
the highly regarded Internet Architecture Board. Referring to the Domain
Name System (DNS), the board's unanimous statement said: "The system
VeriSign had deployed for .com and .net contains significant DNS protocol
errors, risks the further development of secure DNS, and confuses the
resolution mechanisms of the DNS with application-based search systems."

VeriSign shares closed Tuesday at $15.81, up 4 cents.
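
Added example, not part of the original post or the quoted article: a sketch of the sender-domain existence check the article says was broken, next to a variant that probes the TLD for a wildcard and treats wildcard-only answers as a nonexistent domain. The resolver stub, the domain names and the addresses (documentation ranges) are constructed for illustration.

```python
import secrets

WILDCARD_ADDR = "192.0.2.1"  # constructed placeholder, not a real registry address

# Constructed zone data standing in for a live resolver.
REGISTERED = {"example.com": {"198.51.100.7"}, "example.org": {"198.51.100.9"}}
WILDCARDED_TLDS = {"com", "net"}

def fake_resolve(name):
    """Hypothetical resolver: set of A records for name, or None for NXDOMAIN."""
    name = name.lower().rstrip(".")
    if name in REGISTERED:
        return set(REGISTERED[name])
    if name.rsplit(".", 1)[-1] in WILDCARDED_TLDS:
        return {WILDCARD_ADDR}  # registry answers for every unregistered name
    return None

def naive_domain_exists(domain, resolve):
    """Pre-wildcard antispam check: any answer at all means the domain exists."""
    return resolve(domain) is not None

def wildcard_addresses(tld, resolve, probes=2):
    """Addresses returned for random, certainly unregistered labels under tld."""
    seen = set()
    for _ in range(probes):
        answer = resolve(f"{secrets.token_hex(16)}.{tld}")
        if answer is None:
            return set()  # a real NXDOMAIN: no wildcard in this zone
        seen |= answer
    return seen

def domain_exists(domain, resolve):
    """Treat answers made up only of the TLD's wildcard addresses as NXDOMAIN."""
    answer = resolve(domain)
    if answer is None:
        return False
    tld = domain.lower().rstrip(".").rsplit(".", 1)[-1]
    return not answer <= wildcard_addresses(tld, resolve)
```

A production filter would cache the probe result per TLD for a short time instead of probing on every message.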
