Re: [registrars] Verisign change to operation of the .com DNS lookup service

[Eric Brunner-Williams in Portland Maine <brunner@xxxxxxxxxxx>]

Longish, in pieces, intended to "help" with the polish(ing).

FYI #1	discussion of this is now taking place on 
	IETF IETF list: ietf@xxxxxxxx
	IETF DNS Ops list: dnsop@xxxxxxxx, see draft-ohta-broken-tld--1.txt
	IRTF Anti-spam list: asrg@xxxxxxxx,
	and some other more implementation specific (niche) lists.

FYI #2	At Montevideo (when I worked for Neu* and got roped into working the
	XML with Louis Touton and Cary Karp for .museum), Cary asked me about
	the wildcard hack. I told him it would put a lot of junk back on his
	servers. Without assigning blame, the focus of attention then for that
	registry-registrar relationship was dominated by non-technical issues.

	There are about 10 other TLDs that also have *.tld records.

FYI #3	Patches for bind, versions 9.1.3 and 9.2.2 have been posted by ISC
	this morning,
		"to filter out "wildcard" or "synthesized" data from ...
		 authoritative name servers ...".
	A patches for version 8.4.1 (not by ISC) has been posted as well.

	Declan McCullagh as written on this, see
	http://news.com.com/2100-1032_3-5077530.html

FYI #4	The discussion of expections (below) may help with the polishing,
	which is why I began this note, and why this is the next to last
	FYI in this note is just one of those things.

-------- Original Message --------
Subject: Re: [Fwd: [Asrg] Verisign: All Your Misspelling Are Belong To Us]
Date: 17 Sep 2003 02:32:42 +0000
From: Paul Vixie <vixie@xxxxxxx>
To: ietf@xxxxxxxx
References: <Pine.WNT.4.51.0309161004490.2996@xxxxxxxxxxxxxxxxx>

 > It is worth noting that if we are to "pass judgement against" Verisign
 > there are at least half-dozen other TLDs that blazed the trail.  We just
 > overlooked them because of their size as compared to .NET and .COM.

when people started beating on my phone ringer about wildcards yesterday
evening, and screaming for patches to bind to somehow make it all better,
i asked "but other tld's do this, what's the big deal?"  as near as i can
figure it, the problem is one of expectation.  if someone signs up for .nu
they know there'll be a wildcard there before they sign, and they can take
appropriate precautions (like only using it for web or e-mail, and not
naming hosts under that tld).  the expectations for .com and .net to not
have wildcards were all set many years ago, and it's the violation of those
expectations that's got people angry enough to publish patchware about it.
-- 
Paul Vixie


FYI #5	This problem showed up in China when broken UTF8 (MS bug) caused
	all IE browser "misses" to use overseas bandwidth to send packets
	(resolution hacks) to Redmond, then Redwood City, then Reston, for
	domain-name-like things (keywords and pseudo IDNs). This was very
	high on CNNIC's list of things to fix when I worked the Neu*/CNNIC
	deal, summer-fall of 2001.

Cheers,
Eric