ICANN-VeriSign Deal Sparks Congressional Hearing - The Art of Redirection
(Page 2 of 4 )
The dispute started back in late 2003, when VeriSign – without consulting with anyone – suddenly decided to grab control of all .com and .net names that had not been assigned. When someone typed a misspelled or nonexistent domain name into their browser’s address bar, instead of seeing the standard “404 Not Found,” they would be directed to a VeriSign web page that included advertising links and offered to sell the domain name. The move was widely seen as an attempt to generate more revenue for the company.
It was not a harmless move, nor even just a cynical capitalistic maneuver. It actually messed up part of the Internet for a while, causing problems with antispam filters, and even encouraged webmasters to block VeriSign’s web site. The redirection also raised privacy issues. At that time, passwords were sometimes included after the hostname in Internet links – so if a user misspelled a domain name, VeriSign could end up receiving sensitive information. This doesn’t sound like the act of a company that truly cares about security.
As you would expect, ICANN asked VeriSign to suspend what the company was referring to as its “Site Finder” service. In response, VeriSign filed an antitrust lawsuit against ICANN in early 2004, claiming that the technical organization broke its contract and overstepped its bounds when it tried to dictate to VeriSign how to run its business. (Site Finder wasn’t the only “service” at issue, but I digress). For the record, many small businesses, including web hosts and domain name registrars, figure that VeriSign overstepped its bounds on a related issue by creating certain services that would have all but eliminated a nascent field – the market in expiring domain names.
Incidentally, the Site Finder service is far from the only example of VeriSign’s relative lack of interest in security. The domain name registrar is facing a lawsuit that was just granted class action status in mid-May and revolves around security matters. In this case, the issue is Secure Socket Layer certificates, which grant encryption and a certain amount of security for communication over the Internet. Basically, you can’t run an online business without an SSL certificate. VeriSign sells them, and the plaintiffs charge the company with costing them $500 per certificate, thanks to misleading statements.
It seems that VeriSign offers two kinds of SSL certificates, and charges a $546 premium for its Secure Site Pro certificates. VeriSign claims that they provide additional security, but they don’t. They provide 128 bit encryption, but “since the year 2000, when the federal government lifted export restrictions for browsers, those browsers are set at a 128 bit encryption by default,” according to Marc E. Gravely, counsel for the plaintiffs. Again, this does not sound like the actions of a company that is overly concerned about the security of those who use its services.
More Web Hosting News Articles
More By Terri Wells