Letter from Cigref to VeriSign
Paris, 19 september 2003
Réf. : 03 046
- VeriSign Inc ;
- VeriSign France.
THE DEPUTY GENERAL MANAGER
Cigref is an association which brings together the 117 biggest French user companies. Our members’ CIOs are therefore at the front line as regards all questions related to information system management.
VeriSign is the company which manages the .com and .net zones of the Domain Name System (DNS).
On 17 September 2003, some of our members expressed their astonishment on seeing the addition of a wildcard A record to the .com and .net zones. All the .com and .net domain names which previously sent error messages now re-direct to Verisign’s servers.
Since they are responsible for the integrity and confidentiality of the electronic messages within the companies by which they are employed, the CIOs have faced questions from Company Management and from their customers as regards the consequences of this implementation.
Everybody makes typing errors. The fact that a badly-addressed e-mail should now no longer be rejected but re-directed to the servers of a foreign entity is of great cause for concern. In addition to the questions raised concerning the risks in terms of ethics and security, there are also questions concerning the legal consequences of such a development. Electronic mail is today a privileged method of communication between our members and their correspondents, suppliers, or customers.
Furthermore, the major companies that we represent cannot subscribe to point 2.4 Monitoring and communication of the Verisign’s Site Finder implementation document as it is currently drawn up.
Consequently, we would like to have further details regarding:
1- the information collected in the event of a typing error in an e-mail address;
2- how this information is processed, particularly the nominative information contained in the headers of the intercepted e-mail;
3- the handling limits that a register might bring to the DNS zone it covers;
4- the aims being pursued through the implementation of a wildcard A record and the foreseeable impact on user companies.
We find it regrettable that a wildcard A record has been added to the .com and .net zones without prior consultation of the user companies and outside the recognised Icann forums.
We would therefore strongly request:
- a dialogue with the user companies prior to the implementation of technical measures of this nature which have a direct impact on the security and confidentiality of the electronic communications of Cigref’s members;
- an immediate return to the previous situation;
- the opening of a debate on the implementation of wildcard A records within the framework of the recognised Icann forums (GNSO, SSAC).
We hope that you realise the extent of our dissatisfaction regarding this issue. We remain at your disposal for any further information.
Copy sent to :
- Robin Layton, NTIA, US Department of Commerce ;
- Jeanne Seyvet, DIGITIP, French Ministry of the Economy, Finance and Industry ;
- Fabio Colasanti, Information Society Directorate-General, European Commission ;
- Paul Twomey, Icann ;
- Christopher Wilkinson, GAC Secretary.