| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: jonathan at nuclearelephant.com (Jonathan A. Zdziarski) Subject: Verisign abusing .COM/.NET monopoly, BIND releases new There's a link to a great rant about this in an article I wrote up today about Verisign's Anti-Competitive history at http://www.nuclearelephant.com/papers/verisign.html. A few key points the author of the rant hits on is that Verisign implemented this virtually overnight with no input whatsoever from the operations community. As a result, it broke a lot of things such as Anti-Spam tools that reject mail from nonexistent domains, intercepts passwords and other URL information misdirected to a nonexistent site or unreachable sites, and sitefinder apparently has an open SMTP relay as well. In my own article, I had started to make mention about making both practical and legal moves towards creating a non-profit organization to manage a centralized top-level registry + a new set of root servers with a _predefined set of rules_ all registry subscribers (domain registries) must adhere to or risk being removed. As I read more about some of the whacked-on-drugs things Verisign has done recently, I'm beginning to think we need to move on something like this a lot quicker than we have been. The InterNIC wasn't perfect, but they certainly weren't commercialized in the way Verisign is now. The Internet now being a commercial enterprise, root servers and TLDs should by no means be in the hands of a for-profit corporation.
Powered by blists - more mailing lists