VeriSign cancels request to ICANN to allow it to offer new anti abuse service.
Just two days after formally proposing a controversial mechanism to scan domain names and take down web sites used for certain malicious purposes, VeriSign has withdrawn the request.
No information about the withdrawal is available on the company’s web site.
The plan, dubbed Verisign Anti-Abuse Domain Use Policy, raised a lot of concern about government involvement on the internet. It also concerned domain name registrars.
The proposed service would have called for VeriSign performing malware scans on all .com, .net, and .name domain names once a quarter. It would also have been able to suspend domain names that knowingly hosted malware.
Although the goal of the policy was certainly noble, VeriSign’s request to ICANN lacked important details.
Russ says
Verisign is a highly strategic operator. I’d bet this was their plan from the start. Under pressure from law enforcement, the GAC, and intellectual property interests, they float a plan that proposes 100% of what those entities want and let the community push back. Now they have tons of material to point to on why its a bad idea. It’s far too impractical to boycott Verisign so the financial consequences for them are virtually nil.
Andrew Allemann says
@ Russ – interesting and very plausible.
George Kirikos says
PIR and Afilias (.org and .info) have anti-abuse policies too that are equally bad, if not worse, if one reads the precise wording. They should learn from the public uproar over this issue, and withdraw their already-approved policies.
jp says
It will be back, but in a new incarnation at a later date.
Ja Klass says
Various surveys estimated that 20% plus of websites, corporate included have some malware on them. What is the legal liability if major corporation websites are suddenly off the air due to Verisign taking down their domain?
How many lawsuits would be filed against Verisign? It’s easy to see Verisign being tied up in various courts with lawsuits.
Maybe a corporation would not win a lawsuit, but juries are funny so sue Verisign anyway.
George Kirikos says
VeriSign operates the .gov TLD. Perhaps they can implement their takedown proposal against those sites, and see what happens when they wrongly suspend a critical domain:
http://www.eweek.com/c/a/Security/California-Gov-Site-Seeded-with-Malware-Again/
The websites of the CIA, FBI, Senate, etc. have all been hacked before. Try suspending their domains, for a quick lesson in humility.