cbs228Geeks Of The World, Unite
join:2000-09-04
Saint Louis, MO | Illegal!? IANAL, but what VeriSign has done is of questionable legality. Think about this: It's not only HTTP requests that get served via DNS-- it's everything, including... email.
Yes, that's right. If you misspell "joebloggs@aol.com" as "jogbloggs@aop.com", guess what happens? The name doesn't exist, but in absence of a clarifying "name lookup failed" message, the message instead gets bounced to VeriSign's DNS-mistype-trap server.
An HTML coder could get careless and mistype the ACTION statement on a METHOD="POST" form, and again, VeriSign gets the POST arguments.
VeriSign is obviously intercepting communications which are not intended for them. They are misrepresenting themselves to the user's application and network, presenting themselves as another party. When you dial a wrong number, you generally expect the person on the other end to say that it is a wrong number, instead of misrepresenting themselves as another party as VeriSign is doing.
Wasn't there a case recently over someone (inadvertently?) intercepting electronic mails destined for some newspaper (The New York Times, I believe) because the DNS name was similar, and the defendant was forced to surrender the name? If so, this is obvious precedent.
--
"If you stare too long into the abyss the abyss stares back at you." -Nietzsche
GENERAL FAILURE READING ©: DRIVE
(A)bort, (R)etry, (F)rivolous Lawsuits, (B)ribe Congress? |
