Re: Verisign abusing .COM/.NET monopoly

Date view	Thread view	Subject view	Author view	Attachment view

From: Mike Friedman (mikef_at_ack.berkeley.edu)
Date: Wed Sep 17 2003 - 10:12:42 PDT

Next message: Greg Small: "Re: Verisign abusing .COM/.NET monopoly"
Previous message: John Ives: "[windows-hied]: INFORMATION ONLY: MS03-039 exploit now live (fwd)"
In reply to: rossd_at_cns.me.berkeley.edu: "Verisign abusing .COM/.NET monopoly"
Next in thread: Michael Sinatra: "Re: Verisign abusing .COM/.NET monopoly"
Reply: Michael Sinatra: "Re: Verisign abusing .COM/.NET monopoly"

On Wed Sep 17 09:36:59 2003, rossd_at_cns.me.berkeley.edu said:

> For those who haven't heard, Verisign mucked with their root servers by
> implementing a new system which redirects any non-existant domains or hosts
> that are not responding to their own servers and apparently did it with
> no more than an hour or two notification and no input from the Internet
> community.
>
> This has already be shown to break the following:
>
> Many anti-spam tools have broken as a result of nonexistent domains now
> appearing to exist. Passwords and other private information that are
> accidentally sent to the wrong URL or a nonresponsive URL will go through
> Verisign's servers SMTP (outgoing mail) is apparently listening on all
> nonexistent domains or nonresponsive hosts.

Ross,

With respect to one issue raised by VeriSign's reported action:

An IETF draft document released today discusses the pitfalls of servers
implementing default actions that bypass what otherwise might be seen
as normal 'errors', thereby potentially preventing client software from
handling exceptional conditions intelligently. The draft can be found here:

http://www.ietf.org/internet-drafts/draft-main-typo-wcard-00.txt

Of course the reported VeriSign action raises more significant questions, as
pointed out in the article to which you referred:

http://www.nuclearelephant.com/papers/verisign.html

Mike

------------------------------------------------------------------------------
Mike Friedman System and Network Security
mikef_at_ack.Berkeley.EDU 2484 Shattuck Avenue
1-510-642-1410 University of California at Berkeley
http://ack.Berkeley.EDU/~mikef http://security.berkeley.edu
------------------------------------------------------------------------------

------------------------------------------------------------------------
The following was automatically added to this message by the list server:

For information about Micronet, including subscribing to
or unsubscribing from its mailing list and finding out
about upcoming meetings, please visit the Micronet Web site:
<http://micronet.berkeley.edu/>.

Next message: Greg Small: "Re: Verisign abusing .COM/.NET monopoly"
Previous message: John Ives: "[windows-hied]: INFORMATION ONLY: MS03-039 exploit now live (fwd)"
In reply to: rossd_at_cns.me.berkeley.edu: "Verisign abusing .COM/.NET monopoly"
Next in thread: Michael Sinatra: "Re: Verisign abusing .COM/.NET monopoly"
Reply: Michael Sinatra: "Re: Verisign abusing .COM/.NET monopoly"

Date view	Thread view	Subject view	Author view	Attachment view

This archive was generated by hypermail 2.1.5 : Wed Sep 17 2003 - 10:16:04 PDT