On Tue, 16 Sep 2003, Zefram wrote: > ... I suggest the following courses of action, to be taken > in parallel and immediately: > 1. Via ICANN, instruct Verisign to remove the wildcard. It isn't clear that this power is vested in ICANN. There is a complicated arrangement of Cooperative Agreements, MOUs, CRADAs, and Purchase Orders that exist between various agencies of the US Department of Commerce (including NTIA, NIST, and others) and ICANN and Verisign/NSI. This web of agreements is sufficiently complicated that often really isn't exactly clear who can compel Verisign/NSI on any particular point. In fact it may well be that the power may not exist. Or it may take a lot of legal dollars and time to press the issue. To make the situation even less clear, there is, I believe, no statement in the relevant Internet Standards docucuments that clearly rules out this kind of wildcarding. (Yes, I think we can all agree that this particular use of wildcarding *is* a bad thing, I'm simply pointing out that to those who are not technically grounded in DNS matters, that without a clear prohibition in the Internet Standards, the matter isn't so obvious.) By-the-way, Neulevel (.us and .biz) did an "experiment" along these lines back in May of this year. It was short lived. At the time I thought it was a bad thing, and I still do. And at the time I wrote and sent to the ICANN board an evaluation of the risks of that "experiment." --karl--