ietf
[Top] [All Lists]

Re: [Fwd: [Asrg] Verisign: All Your Misspelling Are Belong To Us]

2003-09-16 07:37:11
    verisign is masking the difference between a valid domain and
    NXDOMAIN for all protocols, all users, and all software.

If you read the Verisign documentation (which is quite excellent by the
way) on what they did and what they recommend you will see that they
thought about this.

their mistake is in assuming that they can respond appropriately for
all ports - particularly when the association of applications with
known ports is only advisory, and many ports are open for arbitrary use.

in fact, a 550 response in SMTP is a different condition from NXDOMAIN,
and sometimes the difference is important - as the spam filter folks
have discovered.

Although taking note of the returned IP address and reacting accordingly
is roughly equivalent to DNS NXDOMAIN.  It just requires an extra step
and more importantly a patched application.  Would have been nice to get
some advance notice even if there are other TLDs that have been doing
this for some time.  

"nice" is not a word that seems to apply to forcing the entire net to have to
patch its applications and libraries just because verisign decided to make
inappropriate assertions about unregistered domains.   that's like calling
a mugger "nice" because he talks to you politely while he takes your wallet
at gunpoint.

It is worth noting that if we are to "pass judgement against" Verisign
there are at least half-dozen other TLDs that blazed the trail.  We just
overlooked them because of their size as compared to .NET and .COM.

not only their size, but their scope also.




<Prev in Thread] Current Thread [Next in Thread>