LINX Letter to ICANN regarding Verisign

Stephen J. Wilcox steve at telecomplete.co.uk
Tue Oct 7 13:27:36 UTC 2003


FYI. Sent yesterday:

Submission by the London Internet Exchange to the ICANN Security and Stability 
Advisory Committee Regarding Verisign's Deployment of Wildcard DNS Records

The London Internet Exchange (LINX) is Europe's largest Internet exchange point. 
Owned mutually by nearly 140 member Internet Service Providers and Content 
Services Providers, LINX members carry the overwhelming majority of Internet 
traffic within the United Kingdom. Most of the Internet traffic exchanged 
between ISPs within the UK by public peering is passed across the LINX. 

LINX is concerned about Verisign's insertion of wildcard records into the .com 
and .net zones, and about the use of these wildcards to direct traffic that 
would otherwise have resulted in a "no domain" response to Verisign's own hosts.

LINX views the DNS tree as extremely important to the smooth operation of 
Internet services: anything that damaged confidence in the integrity and unified 
nature of the DNS tree would be very unfortunate.

LINX is concerned that Verisign's actions may undermine confidence in the DNS. 
In particular, LINX fears that individual networks may implement workarounds to 
avoid the effect that Verisign is seeking to create, and that this could result 
in reduced confidence in the DNS system continuing as a single coherent tree. 

Once the prospect of DNS resolvers choosing not to honour the DNS tree appears 
we have to consider the possibility of further fragmentation of the DNS through 
individual networks suborning the Domain Name System in order to pursue other 
commercial or policy interests. 

Another avenue of concern lies in the area of respecting end user privacy. While 
we take note of and welcome Verisign's assurances that they are not logging 
traffic to its mail servers, end users around the world are forced to rely on 
the promise offered by a commercial entity operating in a single national 
jurisdiction. The United States does not share the same data protection laws 
offered in some other countries, and most end users would have no practical or 
legal recourse if Verisign were to fail to adhere to its policy, either for its 
own purposes or for those of the relevant legal authorities. There is therefore 
a powerful argument that end users should not have to take the promise not to 
retain private data on trust.

In contrast to these concerns, there is Verisign's own interest in preserving 
its freedom of action and ability to pursue its commercial success. We are not 
persuaded that in this case Verisign's private interests outweigh the 
considerable public concerns that have been expressed by LINX and others on 
behalf of the wider Internet community.

The longer term implications of such DNS fragmentation are directly relevant to 
the stability of Internet service, and thus to the work of ICANN's Security and 
Stability Advisory Committee. We believe that these implications would be quite 
regrettable, and that it is appropriate to take steps to ensure that this does 
not occur.

LINX endorses the statement of the Internet Architecture Board and recommends 
that Verisign is asked to remove the wildcard records it has inserted in the 
.com and .net zones.





