Business

Domain minder Verisign operates on a trust basis

Wired on Friday: Verisign Inc is that rare thing: an internet political appointee

Danny O'Brien
Fri Sept 26 2003 - 01:00

Wired on Friday: Verisign Inc is that rare thing: an internet political appointee. The company has a unique monopoly bequeathed to it by the US government.

It retains responsibility for maintaining the global list of dotcom and dotnet addresses.

For many years, Verisign (or the firm it bought in 2000, Network Solutions) also took a cut of every dotcom registered in the world. It was responsible for the upkeep of these domains and also charged an entrance fee onto it.

These days, thanks to the determined lobbying, that right is not reserved to one company. But, after purchasing Network Solutions, Verisign still holds most of the business, and controls the more than 24 million dotcom and dotnet addresses.

READ MORE

It also retains the distrust that Network Solutions generated among Net users. Which is a problem, as Verisign is supposed to be the most trusted company on the Net. Its motto is "The Value of Trust".

It is Verisign's responsibility to ensure that whenever you go to, say, ireland.com, your computer is given the right address to visit. Think of it as a constant, automated, phone book service.

If it fails to do this, then potentially millions of domains would vanish overnight. Billions of dollars could be lost in inaccessible websites and delayed emails.

In this matter, the holder of the dotcom has not been flawless. In 1997, Network Solutions corrupted the central database for several hours, rendering thousands of sites unreachable. In 1999, Network Solutions managed to lose 18,000 domains in computer outage. Many complained that, by the time it had responded to complaints, other users had re-registered the domains - essentially stealing them.

While such database errors are rare, individual cases of disappearing domains appear with depressing regularity. In 2002, Leslie Harpold, a New York Net developer, had her fully paid up dotcom domain stolen when a stranger fraudulently applied for a transfer of the domain in her name. Verisign gave away her domain and refuses to discuss the matter. Indeed, under its contracts, Ms Harpold never owned the domain in the first place. Verisign rented it out to her and could do with it as it wished.

This may come as a surprise to firms who depend on domain ownership. It's behaviour like this that has historically bred so much distrust between Verisign and the Net.

Last week, Verisign recaptured those unhappier days. Without warning, it used its monopoly to change the behaviour of its master database - and by extension, the entire Net. Usually, when you type in a domain name that has not been registered - irelandd.com say - Verisign's database returns an error. As of last Monday, it started returning "64.94.110.11" - a number which points browsers to Verisign's own website. Anyone mistyping a domain is re-routed to Verisign. Mistyped email, too, is sent to Verisign's mailservers (although it is quickly bounced).

Verisign isn't the first to do this with its database . But introducing a trick like this into the most important domains, and without warning, has had some unexpected side-effects.

System monitoring software across the Net stopped working. Spam-catching software that checks for non-existent incoming email addresses no longer works. Outlook, Microsoft's email client, gives inaccurate error messages if you misconfigure it. And misspelled email, instead of being instantly signalled with an error message, is now silently sent to Verisign, before being returned.

And, of course, no-one has an option to avoid Verisign's new website. There are no alternative companies who provide domain name look-ups.

Network operators - from ISPs to major telcos and competing registrars - have registered their discontent.

The Internet Architecture Board - the closest the Net gets to a central design committee - publicly criticised the decision.

ICANN, the international body set up by the US government to oversee domain name issues, asked Verisign to suspend its new feature.

Verisign has so far refused. And there really isn't much that anyone can do about it.

The authors of the software used by most ISPs to retrieve Verisign's database information have rewritten their software so that it is possible to ignore Verisign's new provision.

And, most significantly of all, ICANN looks to be irritated by Verisign's refusal to even acknowledge its authority over the company.

ICANN has been notoriously slow to punish Verisign in the past (it also receives much of its funding from Verisign's donations). But these days, ICANN is struggling to maintain its own image before the US government and the internet community. The contract between ICANN and Verisign has been so far untested; Verisign, a multibillion dollar company could keep ICANN bogged down in legal proceedings if it ever questioned it.

But ICANN has entrusted Verisign to keep the database; and the Net and the US government entrust ICANN to keep Verisign in check.

All those chains of trust are being tested now. And one day, one of them will snap.

Business Today

Business Today

Get the latest business news and commentary from our expert business team in your inbox every weekday morning