[IP] VeriSign prepares to relaunch "Site Finder" -- calls

Tue Feb 10 05:28:36 UTC 2004

--On Tuesday, February 10, 2004 10:21 +0530 Suresh Ramasubramanian 
<suresh at outblaze.com> wrote:

<>
> You are of course right.  The problem posed by sitefinder in its previous
> form has been discussed already, and our bind / djbdns resolvers have
> been patched appropriately to ignore the aberrant behavior introduced by
> verisign.

>
> There ends the operational impact of verisign's decision, till such time
> as they revive sitefinder, and till such time as resolver patches in
> existence are modified if necessary to cope with the new edition of
> sitefinder.

But that's a HUGE operational impact.  Now we're all expected to go around 
and run patched versions of our resolvers or nameservers to get around a 
company using shady tactics to just increase it's bottom line!  Lets say it 
takes on average about 10 minutes per machine to do the necessary changes, 
I'll have to spend several hours installing patched software for something 
that is harmful.  They remove the ONLY method for testing if a domain 
exists or not, and certainly the only 'lightweight' method.

Not to mention there is no guarantee the patch will continue to work.  Well 
already know of a few ways in which it can break, and anything we do to get 
around those surely introduces maintenance or other headaches.  Who's going 
to pay me to maintain these parts of systems that until now just worked? 
Who's going to pay any of us?  Not VeriSign.  But they'll be making quite 
likely millions off of the hijacked hits.

So I ask again, who's going to pay for my time to that?  Last time they 
turned this thing on globally I also spent at least two hours on the phone 
trying to explain it to various users.  And what about the systems or 
platforms that *CAN'T* be patched?  What about systems that have long 
depended on the way things are supposed to work?

--
Michael Loftis