[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[secsac] RE: Verisign SiteFinder DNS trickery and IDN (Forwarded)

To: iab@ietf.org, iesg@ietf.org
Subject: [secsac] RE: Verisign SiteFinder DNS trickery and IDN (Forwarded)
From: Steve Bellovin <smb@research.att.com>
Date: Tue, 14 Oct 2003 12:01:18 -0400

Does anyone have anything useful to say to secsac on this?
Reply to me; I'll forward.


------- Forwarded Message

Return-Path: <owner-secsac@icann.org>
Received: from 127.0.0.1 [127.0.0.1]
	by localhost with IMAP (fetchmail-6.2.4)
	for smb@localhost (single-drop); Tue, 14 Oct 2003 06:47:28 -0400 (EDT)
Received: via tmail-2000(13) for smb; Tue, 14 Oct 2003 06:44:35 -0400 (EDT)
Received: from mail-blue.research.att.com (mail-blue.research.att.com [135.207.30.102])
	by bigmail.research.att.com (8.11.6+Sun/8.11.6) with ESMTP id h9EAiZZ18920
	for <smb@bigmail.research.att.com>; Tue, 14 Oct 2003 06:44:35 -0400 (EDT)
Received: by mail-blue.research.att.com (Postfix)
	id 8E1F0B8352; Tue, 14 Oct 2003 06:36:54 -0400 (EDT)
Delivered-To: smb@research.att.com
Received: by mail-blue.research.att.com (Postfix, from userid 612)
	id 8084DB835A; Tue, 14 Oct 2003 06:36:54 -0400 (EDT)
Received: from janus (fpfw.research.att.com [135.207.1.2])
	by mail-blue.research.att.com (Postfix) with SMTP id A50B3B8352
	for <smb@research.att.com>; Tue, 14 Oct 2003 06:36:53 -0400 (EDT)
Received: from mail-pink.research.att.com ([192.20.225.111]) by janus; Tue, 14 Oct 2003 06:44:34 -0400 (EDT)
Received: from greenriver.icann.org (greenriver.icann.org [192.0.35.121])
	by mail-pink.research.att.com (Postfix) with ESMTP id 1074E582CC
	for <smb@research.att.com>; Tue, 14 Oct 2003 06:40:44 -0400 (EDT)
Received: (from majordomo@localhost)
	by greenriver.icann.org (8.11.6/8.11.6) id h9EAhOB07538;
	Tue, 14 Oct 2003 03:43:24 -0700
Received: from pechora.icann.org (pechora.icann.org [192.0.34.35])
	by greenriver.icann.org (8.11.6/8.11.6) with ESMTP id h9EAhOb07535
	for <secsac@greenriver.icann.org>; Tue, 14 Oct 2003 03:43:24 -0700
Received: from EXECDSL.COM (ns.execdsl.net [208.184.15.238])
	by pechora.icann.org (8.11.6/8.11.6) with ESMTP id h9EAjDW16094
	for <secsac@icann.org>; Tue, 14 Oct 2003 03:45:13 -0700
Received: from [66.92.150.17] (HELO SCROCKER)
  by EXECDSL.COM (CommuniGate Pro SMTP 3.3)
  with ESMTP id 5620069; Tue, 14 Oct 2003 06:43:23 -0400
From: "Steve Crocker" <steve@stevecrocker.com>
To: <secsac@icann.org>
Subject: [secsac] RE: Verisign SiteFinder DNS trickery and IDN
Date: Tue, 14 Oct 2003 06:42:41 -0400
Message-ID: <007b01c3923f$e49c7680$0affa8c0@SCROCKER>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.2627
In-Reply-To: <Pine.GSO.4.58.0310132334010.5993@hilton.cec.wustl.edu>
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2727.1300
Importance: Normal
X-MIME-Autoconverted: from quoted-printable to 8bit by greenriver.icann.org id h9EAhOb07536
Sender: owner-secsac@icann.org
Precedence: discussion
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by bigmail.research.att.com id h9EAiZZ18920
X-Spam-Status: No, hits=-6.3 required=5.0
	tests=BAYES_10,IN_REP_TO,QUOTED_EMAIL_TEXT
	version=2.55
X-Spam-Level: 
X-Spam-Checker-Version: SpamAssassin 2.55 (1.174.2.19-2003-05-19-exp)

SECSAC folks,

My goodness!  See Dag Øien's message below re interaction betwene wild
cards and IDN.  This is definitely tangled.

It seems to me we need to ask VeriSign about this, but I don't enough
knowledge to pose the question or interpret the answer.  Who is familiar
with the IDN impmlementation?  John?

Thanks,

Steve

> -----Original Message-----
> From: Ari E-B [mailto:Ari@Elias-Bachrach.com] 
> Sent: Tuesday, October 14, 2003 12:36 AM
> To: steve@shinkuro.com; pmott@gwu.edu; galvin@elistx.com; 
> mstjohns@mindspring.com
> Subject: Re: Verisign SiteFinder DNS trickery and IDN
> 
> 
> Does the wildcard kill Internationalized domain names?
> and just for reference: 
> http://www.ietf.org/internet-drafts/draft-hoffman-rfc3490bis-00.txt
> 
> On Thu, 25 Sep 2003, [ISO-8859-1] Dag Øien wrote:
> 
> > Hello
> >
> > I would like you to investigate the confusion Verisign' 
> SiteFinder DNS 
> > trickery creates when the international internet community 
> now is on 
> > the brink of introducing IDN.
> >
> > It seems to me that Verisign's DNS trickery will create 
> more confusion 
> > for developers trying to implement IDN into their 
> applications and DNS 
> > resolvers.
> >
> >
> > I own the domain oien.net. My last name is actually Øien with an 
> > O-slash, so I have also registered the domain name 
> øien.net, which in 
> > Verisign's IDN-testbed was encoded bq--ad4gszlo.net. However this 
> > domain name never actually resolved in DNS, but now 
> resolves to some 
> > non-functional Verisign service. bq--ad4gszlo.mltbd.net resolves in 
> > DNS to the correct hyp.net nameservers. By the way of 
> Verisign's DNS 
> > trickery, DNS-queries to øien.net - using ISO-8859-1 charset in the 
> > query - currently resolves to some Verisign service. Soon 
> > bq--ad4gszlo.net is to be converted into the correct punycode
> > translation: xn--ien-zna.net. After the conversion it may not yet 
> > resolve in DNS. Queries to www.bq--ad4gszlo.net might lead me to 
> > SiteFinder, perhaps - depending on the trcks employed by Verisign.
> >
> > Trying to figure out DNS now requires one to keep track of 
> the various 
> > business practice tricks implemented by Verisign. This is 
> not ideal in 
> > normal circumstances, and specially not now when the world 
> is finally 
> > racing to implement IDN properly in DNS.
> >
> > My opinion is that Verisign is a threat to the stability of 
> the .com 
> > and .net zones, and that their tricks combined with the 
> introduction 
> > of IDN risk returning ambiguous or incorrect data in a time of 
> > critical importance for the implementation of IDN, and 
> mislead people 
> > to non-functional Verisign web-services confusing potential 
> users even 
> > more.
> >
> > This is a scandal, really. My opinion is that Verisign should 
> > immidiately ordered to stop their DNS-trickeries, and 
> should as soon 
> > as possible be relieved of their duties maintaining the 
> root zones for 
> > .com and .net.
> >
> >
> > regards
> >
> > Dag Øien, Oslo, Norway
> >
> 



------- End of Forwarded Message



		--Steve Bellovin, http://www.research.att.com/~smb

Follow-Ups:
- Re: [secsac] RE: Verisign SiteFinder DNS trickery and IDN (Forwarded)
  - From: Patrik Fältström <paf@cisco.com>

Prev by Date: Re: Appeal to the IAB on the site-local issue
Next by Date: mailing lists for pre-BoFs?
Previous by thread: Comments on draft-vida-mld-v2-07
Next by thread: Re: [secsac] RE: Verisign SiteFinder DNS trickery and IDN (Forwarded)
Index(es):
- Date
- Thread