[council] Revised Resolution regarding Verisign Registry Site Finder Service

["Cade,Marilyn S - LGCRP" <mcade@xxxxxxx>]

Dear fellow Councilors and liaisons

Given input from some other councilors, other events of relevance, I am 
submitting a modified version of my earlier resolution to Council. The intent 
of the resolution is to establish Council's interest and concern; to show the 
Council's support to Board and President, and to the Security and Stability 
Advisory Committee for their actions to date, and to indicate the Council's 
commitment to participate fully in all processes to better understand the 
impact of new registry level service on the DNS and Internet, and to advise the 
Board of the intent of Council to undertake any relevant and appropriate work 
related policy development.



--

"Whereas, the primary and overriding imperative to ICANN's mission is the 
stability and reliability of the global DNS and the  Internet. All entities of 
ICANN share responsibility to consider reliable, predictable, secure, and 
stable operation of the DNS and the Internet infrastructure in the development 
of any policies, or any changes in operations or introduction of new services. 

Whereas, the global Internet is dependent upon standards and design principles 
and practices that are undertaken and agreed to by the private sector through 
collegial and bottom up, consensus based processes. 

Whereas, on September 15, 2003, VeriSign Registry introduced a wild card 
registry service into .com and .net zones that creates a registry-synthesized 
address record in response to look ups of domain names that are not present in 
the zone. This registry service changes the routing of traffic by directing 
traffic that would have otherwise resulted in a 'no domain' notification to the 
"sender" to a VeriSign operated web site with search results and links to paid 
advertisements.

Whereas this change creates the appearance that any possible string of letters 
is a "live" domain, a significant operational change with many implications 
that are not yet fully understood. The VeriSign server also substantially 
changes the way email is queued, routed, and responded to in the .com and .net 
domains; presenting burdens on ISPs and network connectivity providers of all 
sizes. 

Whereas applications developed to rely on a RCODE 3 response for a non existing 
domain have been negatively affected by this change. 

Whereas work around at the routing and at the DNS level have been deployed by 
various members of the community to stop the effect of the wildcards. 

Whereas, concerns have been expressed by many in the community that wildcards 
in such significant zones negatively affects the stability of the DNS. 

Whereas complaints have been received about the service and its harmful and 
burdensome impact on other service providers and  including but not limited to: 
anti-Spam software is being negatively affected.

Whereas, there was no notice, comment, nor consultation with affected 
infrastructure entities by Verisign Registry.

Whereas, significant questions of harm to the stability and reliability of the 
Internet are raised in a variety of technical forums

Whereas the IAB commentary published its architectural Concerns on the use of 
DNS wildcards on 19 September 2003. 

Whereas VeriSign Registry on 21 September 2003, responded to Paul Twomey, 
President and CEO, ICANN, acknowledging ICANN's advisory and declining to 
suspend the service until they (VeriSign) has an opportunity to collect and 
review available data. 

Whereas the Security and Stability Advisory Committee, 22 September 2003,has 
published its recommendations related to the service advising that the 
stability of the Internet has been considerably weakened through the 
introduction of ambiguous and inaccurate responses in the DNS, calling on 
Verisign to voluntarily suspend the service and participate in the various 
review processes now underway and on ICANN to examine the procedures of change 
in service, including provisions to protect users from abrupt changes in 
service.

Therefore, the gNSO Council:

Supports ICANN's actions to
1) monitor community reaction and experiences with the new registry service
2) request advice from the Security and Stability Advisory Committee and from 
the IAB on the impact of change introduced by the registry service of VeriSign
3) encourages broad participation by the community in the upcoming meeting 
hosted by the Security and Stability Advisory Committee
4) pledges its members support for the upcoming meeting

Requests that ICANN 
1) provide a ruling of whether this service is a registry level service, in 
violation of existing accreditation agreements and if so, take  immediate 
appropriate steps to end the service until required process is undertaken; 
4) in any event, obtain a suspension of the service until the various reviews 
on the service are completed and presented to ICANN, whether through voluntary 
or involuntary means 

Pledges to 
1) work cooperatively to ensure full opportunity to fully understand the 
service, its implications for the DNS, and what steps are needed for 
retroactively addressing service introduction, and proactively present a 
recommendation regarding the need for a formal notice and comment process in 
the introduction of new services at the registry level via undertaking a PDP.

 




*