lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <200310161217.33602.jeremiah@nur.net>
From: jeremiah at nur.net (Jeremiah Cornelius)
Subject: VeriSign to revive redirect service - Declan's Peice

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

VeriSign to revive redirect service
 By Declan McCullagh 
 Staff Writer, CNET News.com
 http://news.com.com/2100-1038-5092133.html 

 Story last modified October 15, 2003, 5:23 PM PDT 

VeriSign will give a 30- to 60-day notice before resuming a controversial and 
temporarily suspended feature that redirected many .com and .net domains, 
company representatives said Wednesday. 

Speaking before an unusual gathering of technical experts in Washington, D.C., 
VeriSign said its own re-evaluation of its Site Finder redirection service 
found "no identified security or stability problems." When it was active, 
Site Finder added a "wild card" for .com and .net domains that snared queries 
to nonexistent Internet sites and forwarded them to VeriSign's own servers. 

News.context

What's new:

VeriSign said it will give at least 30 days notice before it resumes its 
controversial feature that redirects many .com and .net domains

Bottom line:

VeriSign said it would address specific criticisms by adding foreign language 
support to Site Finder and tweaking the way e-mail to nonexistent domains 
worked. 

That confused some antispam filters and other network utilities, a side effect 
that VeriSign downplayed on Wednesday by arguing that Site Finder's benefits 
to end users--a search screen instead of an error message--outweighed the 
costs to network administrators. "One of the segments of the community that 
has not been looked at in this whole issue, in my opinion, is the user 
community," VeriSign Vice President Chuck Gomes said. "They're very 
relevant." 

In a presentation, VeriSign said that 35 companies were confidentially briefed 
about Site Finder before its debut and they reported "no issues" or problems 
before its launch on Sept. 15. Its own expert group--including the chief 
technology officers of Brightmail and Morgan Stanley--reviewed Site Finder 
and decided that most issues were "minor or inconvenient," VeriSign said. 
Before resuming Site Finder, VeriSign said it would address specific 
criticisms by adding foreign language support to Site Finder and tweaking the 
way e-mail to nonexistent domains worked. 

VeriSign's Matt Larson, who spoke at the meeting organized by the Security and 
Stability Advisory Committee of the Internet Corporation for Assigned Names 
and Numbers (ICANN), said a poll paid for by his company showed 84 percent of 
U.S. citizens surveyed had a "preference" in favor of Site Finder. ICANN is 
the California nonprofit group that has an agreement with the U.S. government 
to oversee some aspects of Internet addressing and successfully pressured 
VeriSign to halt Site Finder on Oct. 3. 

But Gomes and Larson, under intense questioning from ICANN committee members, 
refused to release details about the methodology of the survey such as the 
questions asked and the responses received. "The actual feedback we got 
directly from doing the survey is proprietary information," Larson said. 

Committee Chairman Stephen Crocker, a veteran of many Internet standards 
groups, suggested those details would be necessary to evaluate the results. 
"It's not a matter of stacking the deck," he said. "It's what are you 
measuring." 

Crocker's questions, along with queries from Ram Mohan of Afilias, a domain 
name registry, prompted an angry reaction from VeriSign representatives. 

Gomes said: "I'm utterly clueless about how what we've been talking about for 
the last few minutes has to do with security and stability"--the ICANN 
committee's mandate. 

Larson suggested that "you guys don't think consumers are relevant" and that 
committee members were unduly focused on the travails of network operators 
affected by the Site Finder changes. 

"We're going to have to stop this discussion and turn to a different venue," 
Larson said. 

The ICANN committee held an earlier meeting on Site Finder on Oct. 7. 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQE/ju7KJi2cv3XsiSARAmYRAKCPRAXLOi3ZBtGSghwnPbSlxvEN9gCg+tuN
HY2bZxNmUgXKJLAiV4mCB8Q=
=5S4o
-----END PGP SIGNATURE-----


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ