
Letter from Cigref to VeriSign


Paris, 19 September 2003
Ref.: 03 046

- VeriSign Inc;
- VeriSign France.


Cigref is an association which brings together the 117 biggest French user companies. Our members’ CIOs are therefore at the front line as regards all questions related to information system management.

VeriSign is the company which manages the .com and .net zones of the Domain Name System (DNS).

On 17 September 2003, some of our members expressed their astonishment on seeing the addition of a wildcard A record to the .com and .net zones. All the .com and .net domain names which previously sent error messages now re-direct to VeriSign’s servers.

Since they are responsible for the integrity and confidentiality of the electronic messages within the companies by which they are employed, the CIOs have faced questions from Company Management and from their customers as regards the consequences of this implementation.

Everybody makes typing errors. The fact that a badly-addressed e-mail should now no longer be rejected but re-directed to the servers of a foreign entity is a great cause for concern. In addition to the questions raised concerning the risks in terms of ethics and security, there are also questions concerning the legal consequences of such a development. Electronic mail is today a privileged method of communication between our members and their correspondents, suppliers, or customers.

Furthermore, the major companies that we represent cannot subscribe to point 2.4, “Monitoring and communication”, of VeriSign’s Site Finder implementation document as it is currently drawn up.

Consequently, we would like to have further details regarding:
1- the information collected in the event of a typing error in an e-mail address;
2- how this information is processed, particularly the nominative information contained in the headers of the intercepted e-mail;
3- the handling limits that a register might bring to the DNS zone it covers;
4- the aims being pursued through the implementation of a wildcard A record and the foreseeable impact on user companies.

We find it regrettable that a wildcard A record has been added to the .com and .net zones without prior consultation of the user companies and outside the recognised Icann forums.

We would therefore strongly request:
- a dialogue with the user companies prior to the implementation of technical measures of this nature which have a direct impact on the security and confidentiality of the electronic communications of Cigref’s members;
- an immediate return to the previous situation;
- the opening of a debate on the implementation of wildcard A records within the framework of the recognised Icann forums (GNSO, SSAC).

We hope that you realise the extent of our dissatisfaction regarding this issue. We remain at your disposal for any further information.

Yours faithfully,

Sébastien Bachollet

Copy sent to:
- Robin Layton, NTIA, US Department of Commerce;
- Jeanne Seyvet, DIGITIP, French Ministry of the Economy, Finance and Industry;
- Fabio Colasanti, Information Society Directorate-General, European Commission;
- Paul Twomey, Icann;
- Christopher Wilkinson, GAC Secretary.
