panix.com hijacked (VeriSign refuses to help)
Eric Brunner-Williams in Portland Maine
brunner at nic-naa.net
Sun Jan 16 10:07:04 UTC 2005
Its dawn in Maine, the caffine delivery system has only just started,
but I'll comment on the overnight.
You're welcome alexis at panix.net. If you'll send me the cell phone number
for the MIT managment I will call wearing my registrar hat and inform
whoever I end up speaking with that Bruce needs to call me urgently, on
Registrar Constituency business.
Next, put a call into the Washingtom Post. They lost the use of the name
"washpost.com" which all their internal email used, to due to expiry, so
their internal mail went "dark" for several hours. This was haha funny
during the primary season (Feb 6). If they don't get it try the NYTimes.
Put the problem on record. There is an elephant in the room.
The elephant is that the existing regime is organized around protecting
the IPR lobby from boogiemen of their own invention. They invented the
theory that trademark.tld (and trademark.co.cctld) existence dilutes the
value of trademark, hence names-are-marks, bringing many happy dollars
(10^^6 buys) into the registrar/registry system ($29-or-less/$6, resp.,
per gtld and some cctlds), and retarding new "gTLD" introductions, as
each costs the IPR interests an additional $35 million annually.
To solve their division of spoils problem, is "united.com" UAL or is it
UA?, we had DRPs, which is now a UDRP, and more DRPs for lots of cctlds.
These [U]DRPs take many,many,many,many units of 24x7. They were invented
for the happy IPR campers, who care about _title_, not _function_. If
the net went dark that would be fine with them to, so long as the right
owners owned the right names.
Restated, there is no applicable (as in "useful for a 24x7 no downtime
claimant") law in the ICANN jurisdiction.
And it is your own damn fault. Cooking up the DRPs took years of work by
the concerned interests, and they were more concerned with enduring legal
title then momentary loss of possession. During those years, interest in
the DNSO side of ICANN by network operators went from some to zero, and
at the Montevideo meeting the ISP and Business constituencies were so
small they meet in a small room and only half the seats were taken. After
that point they were effectively merged. IMHO, Marilyn Cade and Phillipe
Shepard are the ISP/B Constituency, and they can't hear you (for all
24x7 operational values of "you").
In case it isn't obvious, the "your own damn fault" refers to a much
larger class of "you" than Alexis Rosen.
[Oh, the same happy campers are why :43 is broken. They want perfect
data at no cost and w/o restriction. Registrars don't want slamming,
today's owie, and registrants don't want spam (which some ISPs do),
so the whole :43 issue is a trainwreck of non-operational interests
overriding operational interests. Registrars would be happy to pump
:43 data to operators, if we could manage the abuse, instead we get
knuckleheads who insist that spam would be solved forever if ...]
There is a fundamental choice of jurisdictions question. Is ICANN the
correct venue for ajudication, or is there another venue? This is what
recourse to the "ask a real person" mechanism assumes, that talking to
a human being is the better choice.
Bill made this comment:
> Since folks have been working on this for hours, and according to
> posts on NANOG, both MelbourneIT and Verisign refuse to do anything
> for days or weeks, would it be a good time to take drastic action?
> Think of what we'd do about a larger ISP, or the Well, or really any
> serious financial target.
> Think of the damage from harvesting <>logins and mail passwords of
> panix users.
You (collectively) are another venue. When the SiteFinder patch was
broadly adopted to work around a change made at one of the registries,
you (collectively) were replacing ICANN as the regulatory body. ICANN
took weeks to arive at a conclusion about that change, then endorsed
that patch to the deployed DNS, while depricating incoherence in the
[I spent 5 minutes at the Rome Registrar Constituency meeting chewing
Vint Cerf and Paul Twomey in front of about 100 registrars and back
benchers for taking many,many,many,many units of 24x7 to arive at the
conclusion that breakage, or "surprise" in .com was not a good thing.]
There is a stability of the internet issue. An ISP's user names and
their passwords are compromised by VGRS, MIT, DOTSTER, and PANIX all
following the controlling authority -- the ICANN disputed transfer
process. It isn't MCI or AOL or ... and if it were a bank it might
not be Bank of America ... and if it were a newspaper it might not
be the WaPo. But if size defines the class of protected businesses
under the controlling jurisdiction , then Panix's core problem
is that it isn't AOL or MSN or the ISP side of a RBOC.
I'd be nervous if I were Alexis. Not enough people are running their
cups on the bars to get the attention of the wardens.
 In the US FCC space, the 3-2 decision mid-last month on CLEC access
to unbundled UNE is a "size defines the class of protected businesses"
policy decision. As one of the two dissenting Commissioners noted, it
means the end of the 1996 Act.
More information about the NANOG