Later this year, a company will be selected to run the .net domain on the internet. VeriSign has operated the .net registry since 2001 alongside the .com registry. However, exactly how certain it is that the company will be able to take on the registry for another term is unknown. VeriSign critics have highlighted their poor track record on certain issues as a sound reasons as to why the company should not be allowed to run the .net registry again. In 2003, VeriSign introduced a controversial and short lived "Site Finder" redirection service for all un-registered .com and .net domains. ICANN forced VeriSign to remove the service and VeriSign in turn sued ICANN in a case that was dismissed in late 2004. Yet as NTK summarizes, two security researchers have another reason as to why VeriSign shouldn't be running the registry.
"Everyone else likes to worry about Google's gathering conflict of interests, but Verisign's S.P.E.C.T.R.E.-level skills still take some beating. This week, orbiting crypto analysts Ian Grigg and Adam Shostock belatedly pointed out to ICANN that perhaps VeriSign couldn't trusted with .net. Why? Well, VeriSign these days offers both top level domains and SSL certificate authentication. They also, with their NetDiscovery service - sell ISPs a complete service for complying with law enforcement surveillance orders. So, if an American court demands an ISP wiretap its customers, and the ISP turns that order over to VeriSign to do the dirty: well, VeriSign can now fake any domain you want, and issue any temporary fake certificate, allowing even SSLed communications to be monitored." (Complete message here)
VeriSign have yet to respond to these criticisms. So far, ICANN, the body that oversees the .Net registry, has received five applications to run it; Verisign's four year contract with ICANN expires on 30 June 2005. VeriSign had seemed highly likely to win the bid until it emerged that CORE++, a global consortium of companies, had quietly placed a bid for the contract. Core claim to have the backing of Internet Systems Consortium, a non-profit company that makes central internet software like BIND. The company seem reasonably determined to take over from VeriSign, who are experiencing their first ever challenge to their monopoly of running top-level domains. ICANN will announce the winning bid in the coming months.