North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Collateral damage (was Re: News coverage, Verisign etc. )

  • From: Robert M. Enger
  • Date: Wed Oct 08 18:11:29 2003

Steve, et al:

There may be issues of collateral damage.

While Microsoft and Verisign battle one another
for the advertising revenue available from intercepting typographical
errors,
innocent third parties may have to repeatedly pay to modify their software.

The Verisign interception mechanism is being inserted into
the core infrastructure of the Internet, DNS.   While their intent is
to capture eyeballs from Web URL typos, they inadvertently
capture all DNS typos.   Thus, all protocols and services are affected.

Other protocols and services must analyze their own software
to see how it reacts to the new behavior of the DNS system.
Adversely affected protocols and services will have to make changes
to detect the Verisign scheme and compensate for it.

This will cost money.
There will be software development costs, as well as costs related to
customer support (new documentation, calls to tech support, etc.)

While the Microsoft eyeball-capture scheme affected only MS IE users,
the Verisign scheme affects everyone.  When the behavior of the DNS changes,
software and user behavior will also require modification.

It has been suggested that the typo-eyeball capture revenue is quite large.

If Verisign is successful in obtaining this revenue, it will be
at the expense of Microsoft.  Microsoft's revenue will decrease.

Microsoft is likely to respond.  They may change the operation of
Internet Explorer to detect the Verisign system and to bypass it.
Perhaps they will bundle the fix into one of the recommended IE patches.
This will return the typo-eyeballs to Microsoft and recapture the revenue.

Verisign will then suffer a downturn in revenue, and will likely try to
respond.
To the extent that it is technologically feasible, they may make changes
to their typo-eyeball capture mechanism to once again reclaim the eyeballs,
and the revenue.
Given the estimates of the size of the "purse", they will likely try very
hard to maintain the revenue stream.

While Microsoft's changes affect only IE, which is end-system software,
Verisign's changes will affect part of the core infrastructure of the
Internet.

When Verisign launches its counter-measure, it will be intended to
circumvent
the detection mechanisms added to IE.   Sadly, it will likely also
circumvent the
detection mechanisms added to third party protocols and services.

While the fight is between Microsoft and Verisign for the revenue from
capturing typo-eyeballs,
every time Verisign launches a new counter-measure, every protocol
and service will have to analyze the change and take appropriate action.

The typo-eyeball revenue estimates are substantial.

It is unlikely that either direct combatant will concede defeat.

Thus, there will be perpetual damage to innocent third parties.


Bob Enger



----- Original Message ----- 
From: "Steven M. Bellovin" <[email protected]>
To: <[email protected]>
Sent: Wednesday, October 08, 2003 3:54 PM
Subject: Re: News coverage, Verisign etc.


>
>
> >In these days of corporate malfeasance scandal coverage, you'd think that
> >Verisign's tactics would have whetted the appetite of some bright
> >investigative reporter for one of the major publications.
>
> For all that I'm critical of wildcards in TLDs -- I spoke at the
> meeting yesterday, and my slides are on my Web page -- I don't think
> there are any issues of malfeasance.  No one has been looting
> Verisign's coffers, they're not cooking the books, etc.  I see three
> issues:  is this technically wise, did Verisign have the right to do
> this under their current contract with ICANN, and should they have such
> a right.  I don't see anything resembling dishonesty.
>
> --Steve Bellovin, http://www.research.att.com/~smb
>
>
>