Feeds

VeriSign responds to .net report criticisms

Plus a brief rundown of what happens next

  • alert
  • submit to reddit

Reducing security risks from open source software

VeriSign has posted its response to the ongoing dispute over Telcordia's report into .net ownership, but surprised observers by launching into a rant against a rival bidder.

The report, released last Tuesday, has attracted an enormous amount of criticism, both from the losing bidders and the chairman of the committee that helped decide its evaluation criteria. All have called the report seriously flawed and asked for an investigation to be held.

Three of the losing bidders - CORE++, Denic and Sentan - have posted lengthy and precise critiques of the report, the evaluators and the evaluation process, sparking ICANN into giving a public statement on the process in an effort to calm the situation. The fourth losing bidder, Afilias, has yet to respond.

VeriSign, as winner of the Telcordia initial report and so the .net registry, was not expected to criticise the report, but the letter sent by its general manager Mark McLaughlin to ICANN head Paul Twomey has amazed many with its virulence, all directed at second-place bidder Sentan.

"I wanted to take this opportunity to give you the benefit of our comments and concerns regarding the letter of April 4, 2005 to you from Mr. Richard Tindal, CEO of Sentan Registry Services," it begins.

"It is most unfortunate that Sentan, in an attempt to overcome the deficiencies of its own proposal, has found it necessary to launch a baseless, unsubstantiated attack on the findings of ICANN’s designated independent evaluator, Telcordia Technologies."

It continues in the same vein throughout the letter and goes on to accuse Sentan of being self-serving, distorted, biased and "nothing more than a disgruntled bidder attempting to manipulate the process".

The accusations levelled at just Sentan are out of keeping with the other responses from bidders who have listed their concerns with the report and Telcordia and provided detailed reasons as to why they hold those concerns.

But since Sentan is the only company likely to surpass VeriSign when Telcordia produces its revised report, it would appear the VeriSign has decided the best policy is provoke Sentan into a public fight. Sentan has so far avoided the temptation.

Nevertheless, substantial question marks remain over large parts of the report. Telcordia has apparently admitted it wrongly marked Denic down by saying it had an in-house built database when the opposite was true. It has yet to reply to an equally damning accusation by CORE++ that Telcordia completely misunderstood its measurement methodology.

On top of that, Telcordia wrongly marked VeriSign up and Denic and Sentan down over the distance between primary and backup servers. Telcordia also copy/pasted a summary of one criteria into another, apparently forgetting to change the wording, adding to Denic's accusation that the whole report was "sloppy" and full of "serious factual errors".

There are further criticisms over wrongly applied criteria, false marking and incompetent evaluation. And on top of that, Telcordia faces several questions over its independence thanks to previous financial and professional connections with VeriSign (with whom it had a joint alliance) and Sentan (whose majority partner, NeuLevel, has been a bitter rival for years).

Telcordia also continues to refuse to release the list of its staff that were on the evaluation panel.

So where are we up to?

Such has been the fuss that ICANN yesterday acknowledged at its public forum the depth of anger and outlined how it intended to deal with the situation, in an effort to calm tempers.

ICANN lawyer John Jeffrey sought to pull the debate out of the public eye by stating the public forum set up precisely to discuss the .net report was "inappropriate" for public comments on the .net report. Instead, he asked all bidders and interested parties not to post any more comments on the forum and instead send them direct to ICANN in the form of a letter.

It is hardly surprising that ICANN doesn't want the argument in public, especially considering the matter is of such importance - ownership of the second most-important registry on the Internet. In an effort not to appear secretive though, it has promised to publish all correspondence once the issue had been decided.

However, the situation is far from settled. Because of tight time constraints - the .net contract ends on 30 June - ICANN is trying to push the process through as quickly as possible. After all, it has still to decide contract details with the new owner of .net.

ICANN is sending all correspondence on the report to Telcordia and expects Telcordia to respond by early next week with a revised report. It is extremely unlikely that Telcordia will accept some of the criticisms of its work and it will not want to alter the overall positions of the bidders if at all possible in order to save face.

An ICANN spokesman also confirmed that due to time constraints, the revised report will be taken to be the final version and it will not accept any further responses from the bidders. As such, Telcordia has very little reason to change its report.

Despite all the criticisms, ICANN continues contract talks with VeriSign solely on the basis of the report, which suggests it too expects Telcordia to arrive at the same result in the revised report. If that does happen, ICANN will then most likely rush the decision through for Board approval, again citing time constraints.

That may solve the problem from the decision-making aspect but unless Telcordia manages to answers the other bidders' concerns, it seems very unlikely the Afilias, CORE++, Denic and Sentan will let the matter drop.

ICANN is desperate to avoid another series of punishing lawsuits, so rushing the decision through may therefore appear to be the best solution.

However, it would do well to consider granting a temporary extension to VeriSign's existing .net contract in order to give sufficient time and consideration to this very significant decision. Brushing aside legitimate concerns by repeating the same line about time constraints will appear very artificial when a significant amount of the Internet is handed over on the basis of a hotly disputed report with acknowledged, significant errors.®

Related link

VeriSign's response

Related stories

More criticism piled on .Net report .Net report speared a third time
.Net report was fudged
.Net report slammed again
Denic damns 'errors' in .net report

Mobile application security vulnerability report

More from The Register

next story
BBC goes offline in MASSIVE COCKUP: Stephen Fry partly muzzled
Auntie tight-lipped as major outage rolls on
iPad? More like iFAD: We reveal why Apple fell into IBM's arms
But never fear fanbois, you're still lapping up iPhones, Macs
Nadella: Apps must run on ALL WINDOWS – PCs, slabs and mobes
Phone egg, meet desktop chicken - your mother
HP, Microsoft prove it again: Big Business doesn't create jobs
SMEs get lip service - what they need is dinner at the Club
White? Male? You work in tech? Let us guess ... Twitter? We KNEW it!
Grim diversity numbers dumped alongside Facebook earnings
ITC: Seagate and LSI can infringe Realtek patents because Realtek isn't in the US
Land of the (get off scot) free, when it's a foreign owner
Dude, you're getting a Dell – with BITCOIN: IT giant slurps cryptocash
1. Buy PC with Bitcoin. 2. Mine more coins. 3. Goto step 1
There's NOTHING on TV in Europe – American video DOMINATES
Even France's mega subsidies don't stop US content onslaught
You! Pirate! Stop pirating, or we shall admonish you politely. Repeatedly, if necessary
And we shall go about telling people you smell. No, not really
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Reducing security risks from open source software
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.