Feeds

Verisign and .net: a winner all the way

Deeply flawed

  • alert
  • submit to reddit

Beginner's guide to SSL certificates

Both ICANN and VeriSign were informed of the relevant aspects of this story and their responses are given below with additional comments by ourselves.

ICANN's response

"As part of an open and transparent process the GNSO received comments regarding the RFP criteria - the GNSO then Adopted the RFP criteria and presented it to the ICANN Board - and as an additional part of the open and transparent process ICANN took comments on the draft RFP - that was based on the GNSO criteria - and then the ICANN Board (at its open, public Board meeting in Cape Town) approved the GNSO Criteria and the RFP based upon the GNSO criteria and public comments. This all took place in December - in plenty of time to have people voice concern of the process to date - so what you're therefore contending is factually inaccurate."

Our response: Our story refers explicitly to changes made during the period betwen the GNSO's final approved report on 5 August 2004, and ICANN's first draft of the RFP, released on 12 November 2004. In that time, an enormous number of extra criteria, requested by VeriSign were added, without any additional outside consultation. In addition, an entire new section "Security and Stability", requested by VeriSign, was added.

Also, the explicitly stated fact that "competition" should be the primary relative criteria ("1. Relative criteria related to promotion of competition") used to decide the winner in the GNSO report - which came complete with three categories and three sub-categories - was reduced in ICANN's RFP to relative criteria point "7. Additional Relative Criteria" and comprised just three sub-categories.

VeriSign and the GNSO had numerous public arguments over the competition criteria, during which VeriSign made it very clear it felt competition should come far below other relative criteria such as stability and security.

The result of these changes was to name VeriSign as the winner of the contest. If those changes had not been adopted, VeriSign would not have won the contest.

"ICANN didn't go forward with the evaluation process until all the bidders were satisfied that Telcordia could render an unbiased evaluation."

Our response: What happened was ICANN publicly announced it had chosen Telcordia without consulting or informing the bidders. At the same time as the announcement, ICANN published a disclosure statement from Telcordia, which was preceeded with a statement by ICANN's General Counsel stating that in his opinon that was no legitimate reason why Telcordia should not be chosen as the evaluator.

One bidder, Sentan, immediately complained about Telcordia's suitability. ICANN then called each bidder individually and outlined Sentan's concerns. Bidders were not given the option of veto over Telcordia and had no choice but to accept Telcordia is they wished to continue bidding for .net.

"Pursuant to the adopted RFP process, it is the ICANN Board (not ICANN Staff) that will make any decision and who will consider the following at its upcoming meeting:

A. the Telcordia report; B. the Applicants' written comments on the Telcordia report; C. any response from Telcordia to the Applicants' written comments; D. any and all public or Internet Community comments received by ICANN on its website; and E. the proposed .NET Registry Agreement negotiated between ICANN and VeriSign."

Our response: It is our contention that the process was unfairly skewed (by ICANN staff)in favour of VeriSign before Telcordia had even been chosen. As such, the Board will only have the opportunity to decide on the results of what was already a flawed process.

"I don't think ICANN will have the names of the Telcordia team until the process of commenting on the evaluation by all parties is concluded."

In the previous mentioned disclosure statement from Telcordia, approved by ICANN's General Counsel, it stated: "Neither Telcordia Technologies, Inc. nor individual member of the evaluation team has any financial interest in or similar dealings with any of the applicants". How can ICANN agree with that statement if it does not know the identities of the individual members of the evaluation team? ICANN also informed us over two weeks ago that it had requested the names of the evaluation team from Telcordia. Does ICANN have those names, or has Telcordia withheld them? What are the reasons for not making the names public?

VeriSign's response

"VeriSign did not offer any comments to ICANN outside of the approved comment channels for all bidders and all public comment. Nothing was shown to VeriSign prior to it being publicly available or available to all bidders. "VeriSign offered comments, as I believe all bidders did on the RFP and GNSO report. ICANN posted many of the comments. VeriSign did not make any threat of a lawsuit. VeriSign did - in its comments - note how certain aspects of the RFP and GNSO report were contrary to our contract." Our response: On 24 June 2004, VeriSign informed ICANN: "VeriSign objects to the Draft Procedure for designating a subsequent .net Registry Operator... on the grounds that it does not comply with the procedural or substantive requirements of the existing .net Registry Agreement, the Memorandum of Understanding between ICANN and the Department of Commerce, or the Bylaws of ICANN...

"...VeriSign believes that anything less than the true 'adoption of an open and transparent procedure for designating a successor Registry Operator' is a material violation of applicable requirements on ICANN, including as set forth in the current .net Registry Agreement."

ICANN and the GNSO took this threat seriously enough to seek legal advice from its General Counsel. A vote on final approval of the GNSO report was delayed while this legal situation was reviewed.

If VeriSign didn't explicitly state it would launch a lawsuit, it was certainly assumed by ICANN that this was what VeriSign's statement implied. We believe the threat of a further lawsuit was used to add pressure to VeriSign's demands for changes in the report and its criteria. ®

Related stories

VeriSign responds to .net report criticisms
VeriSign wins back .net registry
VeriSign enters MMS market with Lightsurf buy

The next step in data security

More from The Register

next story
Phones 4u slips into administration after EE cuts ties with Brit mobe retailer
More than 5,500 jobs could be axed if rescue mission fails
JINGS! Microsoft Bing called Scots indyref RIGHT!
Redmond sporran metrics get one in the ten ring
Driving with an Apple Watch could land you with a £100 FINE
Bad news for tech-addicted fanbois behind the wheel
Murdoch to Europe: Inflict MORE PAIN on Google, please
'Platform for piracy' must be punished, or it'll kill us in FIVE YEARS
Phones 4u website DIES as wounded mobe retailer struggles to stay above water
Founder blames 'ruthless network partners' for implosion
Found inside ISIS terror chap's laptop: CELINE DION tunes
REPORT: Stash of terrorist material found in Syria Dell box
Sony says year's losses will be FOUR TIMES DEEPER than thought
Losses of more than $2 BILLION loom over troubled Japanese corp
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.