> From: N407ER [mailto:n407er@myrealbox.com] > Sent: Tuesday, September 23, 2003 10:43 AM > > By this logic, all webservers which unintentionally accept traffic > without somehow verifying that a typo did not take place violate the > ECPA. Thats ridiculous. Do you really want a precedent where, if someone > accidentally POSTs bank information to your site instead of the URL > they meant to type, you are somehow liable? IANAL, but the law recognizes degrees of liability. It's far less likely that someone mistypes a URL and ends up with another valid FQDN, than ends up with garbage that sends them to SiteFinder. By choosing to make it so easy for data to be misdirected to SF, Verisign has arguably taken on greater liability. On a more practical note, by potentially exposing many, many users to data misdirection, Verislime opens itself to class-action lawsuits. Verisign executives appear to enjoy dancing on the edge of a precipice. The CA business is essentially an unregulated financial service; if e-commerce continues to grow, that won't last. The DNS business is an unnatural monopoly. Verisign has screwed up royally in both (the bogus Microsoft certificates and the sex.com transfer). Sooner or later someone with the right resources will get sufficiently pissed to see them ground under the government's thumb. Whether that happens through regulation or the courts is the only real question. And while there may well be unfortunate long-term effects, it'll be hard not to feel a degree of glee in the moment. -- Michael Wojcik Principal Software Systems Developer, Micro Focus
