First, links into my notes: Hollenbeck, Schairer, Vixie, Smith, Bellovin, Klensin (+ discussion), final discussion. I suppose that electronic versions of the presentations will show up somewhere on the SecSAC site.
Nothing unexpected happened: Verisign tried to be collaborative with respect to fixing individual technical issues (suggesting, e.g., to introduce a wildcard MX record instead of running a bounce server), but did not seem willing to compromise on the design side of things.
The best presentations were clearly given by Bellovin and Klensin; however, they were hard to transcribe given the high information-per-time density. Both made the importance of the Internet's end-to-end design for innovation -- and the importance of a properly functioning DNS for that design -- abundantly clear. The message from their talks is that sitefinder is not just a bad idea because of individual side-effects, but because of the service's fundamental design.
Finally, the question asked by (I believe) K Claffy from CAIDA in the end of the meeting is indeed interesting: What kind of testing did Verisign actually perform before rolling out Sitefinder? What kinds of hard facts were generated during that testing process? (I'd add one more, though: How could the "snubby mail rejector daemon" survive any kind of rigorous testing?)
