I saw this on the Nanog list:

From the commentary:

"The DNS "wildcard" mechanism has been part of the DNS protocol since the
original specifications were written twenty years ago, but the capabilities
and limitations of wildcards are sufficiently tricky that discussions of
both the protocol details of precisely how wildcards should be implemented and
the operational details of how wildcards should or
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
should not be used continue to the present day. This section attempts to
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
explain the essential details of how wildcards work, but readers should
refer to the DNS specifications ([RFC 1034] et sequentia) for the full
details."

This statement is true of nearly the entire DNS suite. We (the DNS working groups) can't even agree on how AXFR works.

The commentary is slightly less than honest about the problems. In particular, the statement that "Web browsers all over the world stopped displaying "page not found" in the local language and character set of the users when given incorrect URLs rooted under these TLDs."

In fact, the 3 most popular browsers, MSIE, Netscape, and Mozilla, which account for perhaps 90% of the browser market, do not display "Page not found", but take you to MSN, and Netscape search pages, respectively.

Besides the falseness of the first claim, this also means that no one has lost internationalization of local language and character set, either.

This is not the only false claim or exaggerated claim. There are also numerous flaws, false statements, and omissions in the section about email. So many that I can't list them all here. But a sample:

"If operators choose to allow their mail to go to the bounce server, they now have an increased mail load handling additional routing of messages to the bounce server; if operators choose not to allow this to happen, they have an additional development and maintenance burden configuring their servers to prevent it."

There is no more "mail load". There is just a single tcp connection. As was pointed out, this already happens for numerous other registries, and has for a long time.

Further, the "additional development and maintenance burden" to tamper with or hack Verisign's DNS records is of no concern. We are not in the business of making it easier to conduct illegal activity: I have not yet seen any evidence of ISPs asking their customers permission to participate in any boycott, nor for permission to modify or hack the DNS records from Verisign. Those ISPs that deploy these hacks without their customers' permission are very likely violating the Electronic Communications Privacy Act which prohibits unauthorized tampering with electronic communications.

Organizing or participating in a group boycott of Verisign harming its business is very likely a violation of US Antitrust law. Neither the IAB nor the IETF ought to find itself in violation of US law. While Nanog may find the idea meritorious, it has a long history of Verisign bashing, and a history of training Internet operators and engineers without any instruction in telecommunications or business law or respect for the same.

The other sections of the document are similarly false and exaggerated statements (e.g., the claim of a "single point of failure"). Too many to list here, in fact.

Frankly, I'm appalled that the IAB would find itself associated with such a document. I would like to register a formal complaint about the document. Perhaps what is really needed are IAB members who are more interested in facts that are the currency of engineering, and less interested in hyperbole.

Dean Anderson
CEO
Av8 Internet, Inc