One thing I haven't seen mentioned in all this is the incredible business monopolizing effect this move will have on the TLDs in question. It dramatically shifts the domain playing field in Verisign's favor by pointing millions of potential customers to their site(s) specifically, giving them millions of dollars in free advertising eye-time over any of the competition

I don't see how this eye-time can be translated into millions of dollars. But it is clear that Verisign are making money by selling sponsored links to people who sell spamming services and software. And it is also clear that this redirection of traffic allows them to amass a large database of email addresses that are current, active and which belong to people who don't always check things carefully before acting, i.e. the To: email address was mistyped. They could make a lot of money selling that list of email addresses to spammers. And they could also sell a lot of the mistyped addresses after "correcting" the domain name portion by supplying the closest matches from the .COM and .NET database.

I wonder how anyone can continue to trust a company like this as a certificate authority. They seem to have attracted the breed of get-rich-quick management who want to make money by scamming the public and selling very unsubstantial things like names (.COM) and numbers (SSL certs). I don't pretend to believe that we can stop fast-buck artists from running these sorts of scams but we have to find alternative sources for SSL certs from companies whose business model lies squarely in the world of security and trust. That clearly excludes Verisign.

Any company with such shoddy business practices that they can unleash this technically flawed redirection of traffic without proper testing and public consultation is also a soft target for infiltration. As was already mentioned, it is only a matter of time before a criminal gang infiltrates Verisign and launches man-in-the-middle attacks on the banking system. There are already people that are specifically targeting banks by installing surreptitious keyloggers on computers that sniff out Internet banking passwords. This would be far more effective if the keyloggers were installed by a man-in-the-middle so that they were targeted only at the intended victims.

--Michael Dillon