On Tue, 16 Sep 2003, Zefram wrote:
> ... I suggest the following courses of action, to be taken
> in parallel and immediately:
> 1. Via ICANN, instruct Verisign to remove the wildcard.

It isn't clear that this power is vested in ICANN. There is a complicated
arrangement of Cooperative Agreements, MOUs, CRADAs, and Purchase Orders
that exist between various agencies of the US Department of Commerce
(including NTIA, NIST, and others) and ICANN and Verisign/NSI.

This web of agreements is sufficiently complicated that it often really isn't
exactly clear who can compel Verisign/NSI on any particular point. In
fact it may well be that the power may not exist. Or it may take a lot of
legal dollars and time to press the issue.

To make the situation even less clear, there is, I believe, no statement
in the relevant Internet Standards documents that clearly rules out this
kind of wildcarding. (Yes, I think we can all agree that this particular
use of wildcarding *is* a bad thing; I'm simply pointing out that to those
who are not technically grounded in DNS matters, without a clear
prohibition in the Internet Standards, the matter isn't so obvious.)

By the way, Neulevel (.us and .biz) did an "experiment" along these lines
back in May of this year. It was short lived. At the time I thought it
was a bad thing, and I still do. And at the time I wrote and sent to the
ICANN board an evaluation of the risks of that "experiment."
--karl--