Feeds

Verisign and .net: a winner all the way

Deeply flawed

  • alert
  • submit to reddit

Bridging the IT gap between rising business demands and ageing tools

Both ICANN and VeriSign were informed of the relevant aspects of this story and their responses are given below with additional comments by ourselves.

ICANN's response

"As part of an open and transparent process the GNSO received comments regarding the RFP criteria - the GNSO then Adopted the RFP criteria and presented it to the ICANN Board - and as an additional part of the open and transparent process ICANN took comments on the draft RFP - that was based on the GNSO criteria - and then the ICANN Board (at its open, public Board meeting in Cape Town) approved the GNSO Criteria and the RFP based upon the GNSO criteria and public comments. This all took place in December - in plenty of time to have people voice concern of the process to date - so what you're therefore contending is factually inaccurate."

Our response: Our story refers explicitly to changes made during the period betwen the GNSO's final approved report on 5 August 2004, and ICANN's first draft of the RFP, released on 12 November 2004. In that time, an enormous number of extra criteria, requested by VeriSign were added, without any additional outside consultation. In addition, an entire new section "Security and Stability", requested by VeriSign, was added.

Also, the explicitly stated fact that "competition" should be the primary relative criteria ("1. Relative criteria related to promotion of competition") used to decide the winner in the GNSO report - which came complete with three categories and three sub-categories - was reduced in ICANN's RFP to relative criteria point "7. Additional Relative Criteria" and comprised just three sub-categories.

VeriSign and the GNSO had numerous public arguments over the competition criteria, during which VeriSign made it very clear it felt competition should come far below other relative criteria such as stability and security.

The result of these changes was to name VeriSign as the winner of the contest. If those changes had not been adopted, VeriSign would not have won the contest.

"ICANN didn't go forward with the evaluation process until all the bidders were satisfied that Telcordia could render an unbiased evaluation."

Our response: What happened was ICANN publicly announced it had chosen Telcordia without consulting or informing the bidders. At the same time as the announcement, ICANN published a disclosure statement from Telcordia, which was preceeded with a statement by ICANN's General Counsel stating that in his opinon that was no legitimate reason why Telcordia should not be chosen as the evaluator.

One bidder, Sentan, immediately complained about Telcordia's suitability. ICANN then called each bidder individually and outlined Sentan's concerns. Bidders were not given the option of veto over Telcordia and had no choice but to accept Telcordia is they wished to continue bidding for .net.

"Pursuant to the adopted RFP process, it is the ICANN Board (not ICANN Staff) that will make any decision and who will consider the following at its upcoming meeting:

A. the Telcordia report; B. the Applicants' written comments on the Telcordia report; C. any response from Telcordia to the Applicants' written comments; D. any and all public or Internet Community comments received by ICANN on its website; and E. the proposed .NET Registry Agreement negotiated between ICANN and VeriSign."

Our response: It is our contention that the process was unfairly skewed (by ICANN staff)in favour of VeriSign before Telcordia had even been chosen. As such, the Board will only have the opportunity to decide on the results of what was already a flawed process.

"I don't think ICANN will have the names of the Telcordia team until the process of commenting on the evaluation by all parties is concluded."

In the previous mentioned disclosure statement from Telcordia, approved by ICANN's General Counsel, it stated: "Neither Telcordia Technologies, Inc. nor individual member of the evaluation team has any financial interest in or similar dealings with any of the applicants". How can ICANN agree with that statement if it does not know the identities of the individual members of the evaluation team? ICANN also informed us over two weeks ago that it had requested the names of the evaluation team from Telcordia. Does ICANN have those names, or has Telcordia withheld them? What are the reasons for not making the names public?

VeriSign's response

"VeriSign did not offer any comments to ICANN outside of the approved comment channels for all bidders and all public comment. Nothing was shown to VeriSign prior to it being publicly available or available to all bidders. "VeriSign offered comments, as I believe all bidders did on the RFP and GNSO report. ICANN posted many of the comments. VeriSign did not make any threat of a lawsuit. VeriSign did - in its comments - note how certain aspects of the RFP and GNSO report were contrary to our contract." Our response: On 24 June 2004, VeriSign informed ICANN: "VeriSign objects to the Draft Procedure for designating a subsequent .net Registry Operator... on the grounds that it does not comply with the procedural or substantive requirements of the existing .net Registry Agreement, the Memorandum of Understanding between ICANN and the Department of Commerce, or the Bylaws of ICANN...

"...VeriSign believes that anything less than the true 'adoption of an open and transparent procedure for designating a successor Registry Operator' is a material violation of applicable requirements on ICANN, including as set forth in the current .net Registry Agreement."

ICANN and the GNSO took this threat seriously enough to seek legal advice from its General Counsel. A vote on final approval of the GNSO report was delayed while this legal situation was reviewed.

If VeriSign didn't explicitly state it would launch a lawsuit, it was certainly assumed by ICANN that this was what VeriSign's statement implied. We believe the threat of a further lawsuit was used to add pressure to VeriSign's demands for changes in the report and its criteria. ®

Related stories

VeriSign responds to .net report criticisms
VeriSign wins back .net registry
VeriSign enters MMS market with Lightsurf buy

Application security programs and practises

More from The Register

next story
BBC goes offline in MASSIVE COCKUP: Stephen Fry partly muzzled
Auntie tight-lipped as major outage rolls on
iPad? More like iFAD: We reveal why Apple fell into IBM's arms
But never fear fanbois, you're still lapping up iPhones, Macs
Philip K Dick 'Nazi alternate reality' story to be made into TV series
Amazon Studios, Ridley Scott firm to produce The Man in the High Castle
Stick a 4K in them: Super high-res TVs are DONE
4,000 pixels is niche now... Don't say we didn't warn you
Amazon Reveals One Weird Trick: A Loss On Almost $20bn In Sales
Investors really hate it: Share price plunge as growth SLOWS in key AWS division
Bose says today is F*** With Dre Day: Beats sued in patent battle
Music gear giant seeks some of that sweet, sweet Apple pie
There's NOTHING on TV in Europe – American video DOMINATES
Even France's mega subsidies don't stop US content onslaught
You! Pirate! Stop pirating, or we shall admonish you politely. Repeatedly, if necessary
And we shall go about telling people you smell. No, not really
Too many IT conferences to cover? MICROSOFT to the RESCUE!
Yet more word of cuts emerges from Redmond
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Seven Steps to Software Security
Seven practical steps you can begin to take today to secure your applications and prevent the damages a successful cyber-attack can cause.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.