The following text is copyright 2003 by Network World, permission is hereby given for reproduction, as long as attribution is given and this notice is included.

 

Priorities: Greed before a functioning Internet

 

By Scott Bradner

 

My hope and hopeful expectation is that by the time this column gets published, common sense or the voice of authority will have won out over greed and Verisign will have stopped hijacking .com and .net.  Even if my hopes are fulfilled, this episode has been an important lesson on the requirement to not trust the wellbeing of the Internet to people who so easily put their greed in front of all other considerations.

 

I'll give a bit of background for those of you who have been too busy following the California recall election debacle to pay attention to what's going on with the Internet.  On Monday, September 15th, Verisign, the operator of the .com and .net domain name registries, changed the data in their database in such a way that whenever anyone looked up a domain name that did not exist, the IP address of a Verisign server was returned instead of the server responding that the domain did not exist. Verisign explained what they were doing in a white paper (http://www.verisign.com/resources/gd/sitefinder/implementation.pdf).  To someone using a web browser the result of the changes Verisign made may not be all that obvious.  If you make a typo in a URL you get shown a Verisign web page that lets you search for the site you were trying to get to.  This is about the same thing that users of some browsers were already getting when they mistyped a URL, with the difference being that the web page is now a Verisign one rather than one selected by the browser company.

 

But the Internet is more than just the web.  There are thousands of applications that also use the Internet with more or less user interaction.  Now all of these applications will get redirected to the Verisign server when there is a problem with the domain name.  Verisign only tried to deal with web and email traffic, and they dealt with email in a way that broke a number of systems that try to eliminate spam.  All of the other applications will now mysteriously fail with no notice to the users.

 

As you might expect, Verisign's change set off a firestorm in Internet techie circles.  There were over 500 messages to the nanog list (http://www.nanog.org/mailinglist.html) on the topic in less than a week - almost all of which expressed very strong views against Verisign's actions.  Later in the week the IETF's Internet Architecture Board (IAB) and ICANN (the folk who are supposed to be overseeing the domain name system) weighed in with their views, also negative (http://www.iab.org/documents/docs/2003-09-20-dns-wildcards.html and http://www.icann.org/announcements/advisory-19sep03.htm).  Software updates are already being distributed to counteract Verisign's changes.
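As an added illustration (not part of the original column, and not the code of the software updates mentioned above): one way an application or spam filter can get the "does not exist" answer back is to look up random names that cannot be registered and treat the address they all return as meaning "no such domain".  The resolver interface, zone data and addresses below are constructed for the example.

```python
import secrets

# Constructed sample data: one registered name, plus a placeholder address
# (documentation range) standing in for the registry's catch-all server.
RECORDS = {"example.com": {"198.51.100.7"}}
WILDCARD_ADDR = "192.0.2.1"


def make_resolver(records, wildcard=None):
    """Build a stand-in resolver: name -> set of addresses, empty set = no such domain."""
    def resolve(name):
        if name in records:
            return set(records[name])
        return {wildcard} if wildcard else set()
    return resolve


def probe_wildcard(resolve, zone, probes=3):
    """Return the addresses the zone hands out for names that cannot exist."""
    answers = [resolve(f"{secrets.token_hex(16)}.{zone}") for _ in range(probes)]
    # Random 32-hex-digit labels are not registered; if every probe gets the
    # same non-empty answer, the zone is synthesizing it.
    if answers[0] and all(a == answers[0] for a in answers):
        return set(answers[0])
    return set()


def domain_exists(resolve, name, wildcard_addrs):
    """Existence check that treats a wildcard-only answer as 'does not exist'."""
    # Caveat: a real site hosted on the catch-all address itself would be rejected.
    return bool(set(resolve(name)) - wildcard_addrs)


if __name__ == "__main__":
    resolve = make_resolver(RECORDS, WILDCARD_ADDR)
    catch_all = probe_wildcard(resolve, "com")
    for sender_domain in ("example.com", "exampel.com"):
        naive = bool(resolve(sender_domain))
        print(sender_domain, "naive:", naive,
              "wildcard-aware:", domain_exists(resolve, sender_domain, catch_all))
```

With the wildcard in place, the naive check accepts the mistyped sender domain; the probe-based check rejects it again.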

 

One can reasonably ask how a change that affected so much of the Internet could be installed without any sort of advance discussion.  Verisign did it because they <ITAL>could</ITAL> do it -- they control the databases.  Apparently the question of whether they <ITAL>should</ITAL> do it never entered their minds.  Verisign felt they knew what was best for Verisign -- they have said that they hope to make money redirecting the typos -- what was best for the Internet was apparently irrelevant.

 

One big lesson that must be learned from this episode, however it finally turns out, is that organizations or people in positions of responsibility in the Internet infrastructure must be worthy of our trust.  We now have a case study of what happens when this is not the case.

 

disclaimer:  Arrogance is not a stranger at Harvard but, even at Harvard, Verisign would stand out - that said, the above is my own arrogant(?) view.