No Such Weblog

The SECSAC's second meeting on sitefinder is going to begin at 1 pm EST. The webcast URL has now been posted to ICANN's web site.

Presentations already available from the agenda page: VeriSign, Edelman.

PS: I don't promise to take extensive notes this time.

At the DC workshop, the Q&A is going on as I type this. Verisign is being grilled about their "user survey." Verisign tries to spin Sitefinder as a pro-user service that was accepted well. Secsac members are raising doubts about what kinds of questions were asked, and are trying to drill down to what was actually asked. Verisign refuses to release the questions asked, though.

I've submitted two questions to the SECSAC's comment address. Both were read; thanks!

• How many of the respondents to the surveys quoted (which included users from Germany and China) do not speak English?
  Answer: "don't know." I'm actually starting to wonder what language was used for the survey questions in these countries.
• Verisign says it does not use the wildcard to collect personal data. What about the third-party (Overture) web bug placed on the Sitefinder site?
  Answer: Web bug exists. Planning to do minimum information only. (?) Opt-out? No. Consistent with privacy practices. Crocker explicitly speechless.

Some interesting discussion between Crocker and Verisign people on whether this is a registry service change. Crocker insists that core of registry function was changed. Gomes emphasizes RFC compliance. Counsel to Verisign steps in and notes that some terminology ("registry service") is loaded with legal meaning.

Several people ask why a user survey is thought to be relevant for security and stability and presented at this meeting. No conclusive answer.

Question about service survey conducted -- can Verisign make data available? Answer: Results are in the slides; data are proprietary.

Closing question from Rick Wesson: Further undisclosed testing with non-delegation records? Long silence. "If move forward, testing needed, to provide secure and stable service." Crocker: Good. Rick: No. Crocker: Good that we understand situation.

Today's presentations and statements (as far as they related to the technical side of sitefinder) fit well with what became evident at the last meeting: Verisign is trying to play nice with respect to collateral damage, they are helping people to fix what can be fixed by changing client software, but they are not moving on the wildcard itself.

Two problems with that: 1. They are causing cost to others on the net by making changes at the center that have to be worked around at the edges. The side effects of the root-delegation-only BIND patch on .name are just one example. 2. Fixing the collateral damage does not give users the choices they have now (but haven't with a wildcard).