Home | Projects | Library | Blog
Verisign Wildcard Issue
On September 15 2003, Verisign, the company that control the .com and .net TLD servers, added a wildcard to both domains. The wildcard resolved to a Verisign IP address that was assigned to a system they called sitefinder. If the connection was on port 80 (http), sitefinder would return a web page that acted like a search engine. Since this was a change to the fundamental workings of DNS, ICANN felt it necessary to look into the issue (furthermore many members of the community were livid and there was a public outcry). I was recruited by ICANN's Security and Stability subcommittee to help sort through the feedback that ICANN was getting, and help compile it into reabable reports. Below is some background information and most of the reports to date.

An Abridged Chronological History:

  • 9/15/2003 Verisign announces and implements sitefinder
  • Best Practices
  • Implementation
    •
    From here on out Verisign begins to take a lot of flak from the community, including various network operator groups, technical forums, and others. The secsac comments box (which I am reading) begins to get a significant amount of email regarding the wildcard, almost all of it unfavorable.
  • 9/19/2003 ICANN asks Verisign to voluntarily suspend the sitefinder service
  • 9/21/2003 Verisign says no
    • ICANN decides that its Security and Stability committee will hold hearings on the effects of Verisign's wildcard on the security and stability of the internet.
  • 10/3/2003 ICANN insists that Verisign terminate the wildcard.
  • 10/3/2003 Verisign complies
  • 10/7/2003 Secsac meeting on the effects of the wildcard
    • Verisign was not happy with the first meeting. Even before it happened there were acusations of bias. It was decided that a second meeting would be held which would focus largely on the rsearch that Verisign had done and the data they had collected.
  • 10/7/2003 Second meeting held by secsac. I would like to present here the same comment box summary that I gave to the secsac committee for the conferenceAlthouh the final output may not look like much in a table, keep in mind that I had to read each one of those 281 e-mails.
    • A call went out to the community in general for more hard data on the effects of the wildcard. Secsac committee mebers are also working on drafting an outline of a final proposal.
  • 10/20/2003 Verisign makes a presentation at the North American Network operators Group meeting (NANOG). Suzanne Woolf of the Internet Software Consortium also gave a presentation which discussed some of the problems with sitefinder. There are also streaming video feeds available from the NANOG conference page.

  • 11/03/2003 Secsac issues its final report on the wildcard issue and ICANN demands that verisign hal tthe wildcard.

  • 2/26/2004 Verisign sued ICANN saying that ICANN overstepped its bounds when ordering Verisign to halt its sitefinder activities. You can also read part 1 and part 2 of the lawsuit.

  • 3/04/2004 Bob Parsons, the CEO of godaddy, one of the 3 largest domain name registrars in the world and one of VeriSign's largest customers, sat down for an Interview with circleID. He goes over the issues really well and provides some good insight.


    • The Players:

  • ICANN
  • Verisign
  • Security and Stability committee
  • Sitefinder itself (currently offline)
    •

    More Background info:

  • ICANN's info page on the wildcard deployment
  • Google news search for stories about the wildcard.
    •
    		 td>
    comments