Verisign: Difference between revisions
Line 143: | Line 143: | ||
===Raises Questions on Security & Readiness=== | ===Raises Questions on Security & Readiness=== | ||
In late March 2013, Verisign sent [[ICANN]] and the [[DOC|U.S. Dept. of Commerce]] a report analyzing the readiness of [[ICANN]] to safely implement its [[New gTLD Program]]. The 21 page document covered a large variety of issues but focused on | In late March 2013, Verisign sent [[ICANN]] and the [[DOC|U.S. Dept. of Commerce]] a report analyzing the readiness of [[ICANN]] to safely implement its [[New gTLD Program]]. The 21 page document covered a large variety of issues but focused on readiness and potential weak points in the program and the implementation of New gTLDs. Many speculated at reasons beyond public welfare for the report being issued, such as an interest in delaying the program due to its vested interest in the .com market dominance. Still, Verisign has over 200 new gTLD clients that are looking towards implementation in order to start profiting from or otherwise utilizing their applied-for extensions. ICANN's CEO, Mr. [[Fadi Chehadé]], defended the organization's readiness and noted that the report contained no new information or areas that have not been addressed, stressing that the program was continuing on schedule with an acute attention to all matters of security.<ref>[http://domainincite.com/12465-chehade-says-no-delay-as-verisign-drops-a-security-bomb-on-icann Chehade Says No Delay as Verisign Drops a Security Bomb, DomainIncite.com] Published& Retrieved March 29 2013</ref> | ||
== Security Breach== | == Security Breach== |
Revision as of 21:55, 29 March 2013
ICANNWiki Platinum Sponsor | |
Type: | Public |
Industry: | Internet, Communications, Registry |
Founded: | 1995 |
Founder(s): | Jim Bidzos |
Headquarters: | 12061 Bluemont Way, Reston, VA 20190 |
Country: | USA |
Employees: | 1,009 worldwide[1] |
Revenue: | $772 million (2011 Naming Services Revenue)[1] |
Website: | Verisigninc.com |
Twitter: | @VERISIGN |
Key People | |
Jim Bidzos, Founder, Chairman, CEO Pat Kane, SVP and GM of Naming Services |
Verisign is an Internet infrastructure service provider. It is based in Reston, VA and was founded in 1995. The company has offices around the world, in Virginia, California, Washington D.C., India, Brazil, China, Australia, Switzerland, and the UK.
Its registry services include operating the authoritative directory for the following TLDs:
Verisign runs two of the world's thirteen root servers: a.root-servers.net and j.root-servers.net, which are considered national IT assets by the U.S. Federal government.[1] Verisign's average daily Domain Name System (DNS) query load for the first quarter of 2012 was 66 billion, with a peak of 74 billion; this represents a daily average increase of 4 percent over the previous quarter, while the peak decreased 37 percent.[2]
Verisign was also well-known for its authentication services, which included business authentication services such as implementing and operating secure networks, utilizing SSL protocol, encrypting transactions and communications, and user authentication services such as identity protection, fraud detection, and public key infrastructure.[3] Those services were sold to Symantec in 2010.[4] Prior to selling those services, Verisign had 3,000,000 certificates in operation, which made it the largest Certificate Authority behind the encryption and authentication on the Internet.[5]
In October 2011, Verisign's registry management for .com domains passed the 100 million mark.[6] In the first quarter of 2012, figures showed that it held more than 50% of registrations for all TLDs.[7] By the end of 2012's second quarter, Verisign had 240 million domain names across all of the TLDs it operates, with .com and .net holding 49% of the TLD market share, a drop of 2% from the first quarter.[8]
Products and Services[edit | edit source]
Verisign provides its services through two divisions, its Internet Services division and the Security Service Division. The Internet Services division includes Naming & Directory Services such as domain name registration for .com and .net, and DNS-related and RFID services.
In January 2012, Verisign raised the wholesale prices of .com and .net registration by 7%, increasing the price from $7.34 to $7.85. Registrars generally passed the price increase on to their customers. Some used it to raise their own prices beyond the 7% increase, by increasing prices by 10 to 12 percent.[9]
In its 2012 10-K report, Verisign identified ARI Registry Services, Neustar, Afilias, and Nominet as its primary competitors.[10]
The following three services -- Managed DNS, DDoS Protection, and iDefense -- are individual services, but are available together as a part of Verisign's "Uptime Bundle", designed with four different pricing and service packages to meet the needs of a variety of organizations.[11]
Managed DNS[edit | edit source]
Verisign's in-house DNS services are comprised of a globally-deployed constellation of sites offering cloud-based hosting solutions which enable organizations with critical online systems to confidently move support for DNS resolution outside of their internal teams. Given Verisign's expertise and scale, their services reliably optimize availability and performance at what would be a fraction of the combined costs for system administrator time, patching, hardware purchase, deployment, maintenance, and bandwidth required to support DNS management internally. Using a secure Web-based portal, Verisign Managed DNS customers maintain secure, exclusive, and direct control over their DNS data, which includes IP address, MX records, SOA values, aliases, PTR records, NS records, and text records. The portal also provides real-time record propagation, record-level control of time-to-live (TTL) settings, and zone file error-checking to reduce DNS outages from human error.[12]
Verisign first launched managed DNS programs in 2003; however, in August 2010, its services were relaunched with a focus on large organizations that depend on optimized and reliable DNS. When announcing their DNS service launch, it was noted that the company's experience managing the large .com, .net, and other root zone files makes it a clear competitor in what was, at the time, a relatively small group of DNS service providers. Their DNS services are part of the larger package of iDefense and DDoS protection services.
Verisign is able to claim fast responses times given its globally deployed DNS servers, reliable content delivery networks, and directive location services. This is part of its Global Load Server Balancing (GLSB), which also enables automatic fail-over, which means that in the event that a server goes down, affected clients will then be redirected to an alternative server. Other features include split DNS for the maintenance of separate name spaces for internal and external clients.[13]
Since March 2011, Verisign's DNS services include full support for DNS Security Extensions (DNSSEC) compliance features and Geo Location capabilities. It facilitates the process of managing DNSSEC by signing all zone files in a customer's account, continually checking the status of DNSSEC keys to ensure they are valid, and automatically publishing new keys after the existing ones expire, which is considered the most challenging component of DNSSEC. The Geo Location capabilities allow customers to differentiate responses to DNS queries and optimize network performance, which in turn allows Verisign's customers to deliver location-specific content, offers, and advertisements more relevant to potential customers.[14]
In order to maintain a position as a top-level Internet domain, Verisign's DNS network has to have a capacity 100 times the peak load it sees in a year.[15]
DDoS Protection Services[edit | edit source]
Verisign's expertise with large-scale network infrastructure once again comes in to play with regards to its DDoS Protection Services, which use a proprietary filtering technology to stop distributed denial of service (DDoS) attacks in the cloud before they ever reach a customer’s network. The services are network and hardware agnostic, require no hardware installation, and are able to detect and filter malicious traffic away from enterprise websites.[16]
Verisign's DDoS Protection Services began as an offering for large financial institutions, but in May 2011, as the frequency of DDos attacks on the Internet increased, Verisign began to also offer these same cloud-based services at small and midsize businesses as well. In addition to these proactive services, it also began offering reactive services that allow businesses, particularly small businesses, to call Verisign after an attack.[17]
The need for and attention on these services increased after the 2009 holiday shopping season, when major attacks took down the sites of e-retailers such as Walmart, Amazon, Expedia, and Gap.[15]
iDefense Security Intelligence Services[edit | edit source]
Verisign iDefense Security Intelligence Services give customers access to current and actionable intelligence related to vulnerabilities, malicious code, and global threats. Verisign has an experienced multinational network of security experts acting as an extension of their customers' teams, giving them exclusive access to the most in-depth cyber threat intelligence available. This includes intelligence to avoid false alarms.[18]
In February 2010, Agiliance Inc., a leading independent provider of Integrated Governance, Risk and Compliance (GRC) solutions, announced that its threat and vulnerability automation solution would be integrated with iDefense Security Intelligence Services.[19]
In 2012, Frost and Sullivan recognized Verisign's iDefense with the 2012 North American Frost & Sullivan Award for Product Differentiation; the decision was made based off its analysis of the vulnerability research market. Frost & Sullivan Research Analyst, Richard Martinez, noted that, "Verisign iDefense Security Intelligence Services provide around-the-clock access to relevant and actionable cyber intelligence, supporting decision-makers with threat awareness, vulnerability management and incident management resources." It was also noted that Verisign created the iDefense Vulnerability Contributor Program with hundreds of expert vulnerability researchers from around the globe, to provide insight into the cyber underground, undiscovered vulnerabilities and global threats in more than 20 languages.[20]
Relationship with ICANN[edit | edit source]
Verisign existed before ICANN, and thus with the establishment of the Internet's oversight body, Verisign was in a place of sustained recognition as the registry of many of the Internet's most important TLDs. While it has given up some of its original TLD oversight, it continues to manage the Internet's most well-known extension, .com, and others.
Sponsorship[edit | edit source]
Verisign is consistently one of the largest sponsors of ICANN's meetings; they sponsored at the Platinum level or above for all 2011 meetings.[21][22][23] Some commentators attributed the ability of ICANN to secure former U.S. President, Bill Clinton, to speak at ICANN 40 with the especially high level at which Verisign sponsored that meeting.[24][25]
Site Finder Service[edit | edit source]
Verisign launched its Site Finder service in September 2003, which redirected end-users to its Site Finder search engine if they attempted to access unregistered web addresses. ICANN published a report against this policy stating, "Verisign violated architectural principles, codes of conduct and good practice," and ICANN declared Site Finder in violation of Verisign's contracts for running the master address lists for .com[26] ICANN then asked Verisign to suspend its Site Finder service.[27] In October, a hearing took place place in Washington, D.C. to review technical issues with the U.S. Department of Commerce, which authorizes Verisign to operate the DNS for .com and .net. VeriSign subsequently shut down the service.
In February 2004, Verisign sued ICANN claiming Verisign had unlawfully been prevented from adding new features to .com and .net.[28]. In August 2004, the claim was moved from federal to California state court.[29] More than a year later, in late 2005, Verisign and ICANN announced a proposed settlement that introduced new terms for registry services in the .com registry. The documents of these agreements are publicly available at ICANN's official website and can be viewed here.
.com Renewals[edit | edit source]
The dropping of the aforementioned litigation between Verisign and ICANN cleared the way for the renewal of the .com registry agreement from 2005 through 2012.[30] The agreement and its appendices can be viewed via the ICANN site here.
In March 2012, ICANN posted a proposal for Verisign's potential renewal of the 2006 .com registry agreement.[31] Three months later, in June 2012, the ICANN Board went against community suggestions to approve Verisign's .com registry agreement for an additional seven years after its expiration on November 30th, 2012. According to the ICANN decision, Verisign would've also been allowed to increase its registry fee by 7% in four out of the next seven years,[32] but this decision was changed by the Department of Commerce. Nonetheless, the new policy will result in Verisign paying ICANN a $0.25 fee for every .com registration, renewal, or transfer, instead of the lump sums it paid previously, potentially netting ICANN an additional $8 million in revenue annually.[33][34] The original board resolutions can be viewed here.
In August 2012, three of ICANN's Constituencies (ALAC, GNSO Business Constituency, GNSO Intellectual Property Constituency) sent a letter to ICANN complaining that the organization held its renewal talks with Verisign behind closed doors and the result is that there are no Thick Whois requirements for the .com TLD.[35] The decision could not move forward without approval from the Department of Commerce, which Verisign received on November 29th, 2012.[34][36]
Verisign is to serve as the registry operator for .com from December 2012 through November 2018, with new terms and conditions, including:
- Verisign's current pricing of $7.85 per domain name registration will remain unchanged for the next six years;
- Verisign no longer holds the right to increasing prices up to seven percent over the six-year term, and all new price increases will be circumstantial and subject to Commerce Department approval.[36]
Those who benefit most from the prize freeze include consumers, those who purchase .com domain names in bulk, brand owners who maintain expensive defensive registrations, and registrars who no longer need to pass on cost increases to their consumers.[37]
"Consumers will benefit from Verisign's removal of the automatic price increases," said Larry Strickling of NTIA. "At the same time, the agreement protects the security and stability of the Internet by allowing Verisign to take cost-based price increases where justified."[38]
If ICANN's new gTLD program becomes successful and "market power" is removed from .com's, Verisign believes that all price caps on .com's could be lifted as early as 2014.[39]
.net Renewals[edit | edit source]
In other domain name negotiations with ICANN, Verisign traded the .org TLD in return for continued rights over .com. In mid-2005, when Verisign's contract for operation of the .net TLD expired, Verisign and five other companies bid for it. Verisign was supported by renowned IT companies like Microsoft, IBM, Sun Microsystems, and MCI. On June 8, 2005, ICANN announced that Verisign had been approved to operate .net until 2011.[40] These agreements have presumptive right of renewal clauses that encourage the registry operators to invest in critical Internet infrastructure. Verisign was subsequently approved to operate the .net registry through 2017.[41]
.net Audit[edit | edit source]
In January, 2013, Senior Vice President Pat Kane sent ICANN a letter stating that it had no intentions submitting to an ICANN audit of its .net registry. Kane wrote, "Verisign has no contractual obligations under its .net Registry Agreement with ICANN to comply with the proposed audit. Absent such express contractual obligations, Verisign will not submit itself to an audit by or at the direction of ICANN of its books and records." This comes directly after implementing a new "Contractual Compliance Audit Program", introduced under new CEO Fadi Chehadé in mid-late 2012 as a 3 year plan to ensure all registries and registrars are following their contracts. A registry audit would entail a review of compliance with Whois, zone file access, data escrow, monthly reporting, and other policies outlined in the registry agreements. Mr. Chehadé had made a big focus of Contract Compliance and had promoted the head of Compliance, Maguy Serad, to report directly to him.[42]
New gTLDs[edit | edit source]
IDN Transliterations of .com & .net[edit | edit source]
In December 2011, weeks before the opening of ICANN's new gTLD program, the Chinese national registry, CNNIC, announced that it was applying for the IDN equivalents of .company, and .network.[43] This move was seen as potentially problematic given Verisign's own plans to seek the IDN equivalents of their .com and .net TLDs, such as their intention to apply for multiple transliterated versions of .com and .net.[44] Verisign's Pat Kane later added in January 2012 that the company was planning on applying for "about 12" new gTLDs, and noted that most of these were going to be foreign language transliterations of .com.[45] Expected languages included Japanese, Korean, Chinese, Cyrillic, Arabic, and Hebrew.[46] It was also noted then that Verisign had already been chosen to provide registry services for several .brand initiatives.[47]
During its first quarter earnings report, on April 26, 2012, it was confirmed that Verisign would be applying for 14 new gTLDs, 12 of which are foreign language transliterations of .com and .net.
The languages chosen for transliterations include: Thai, Deva, Korean (Hang), Chinese (Hant/Traditional & Hans/Simplified), Hebrew, Russian, Arabic, Japanese. The two non-IDN applications by the company are for .comsec and .verisign.
Clients[edit | edit source]
They also announced that they had been contracted by 220 new gTLD applicants to provide technical backend services.[48][49] They were the fourth most popular registry services provider, contracted by a total of 12% of applicants.[50]
Capabilities[edit | edit source]
In November 2012, the three entities most responsible for the Internet's Root Zone, ICANN, NTIA, and Verisign, confirmed that they were prepared with enough resources to launch up to 100 new gTLDs per week.[51]
Trademark Clearinghouse Model[edit | edit source]
In October 2012, a coalition of the world's most prominent registries, Neustar, ARI Registry Services, Verisign and Demand Media jointly proposed two models for the mandatory new gTLD Sunrise period and Trademark Claims service involved in the Trademark Clearinghouse that differ from ICANN's. To excerpt their letter:
"This proposed model simplifies the ICANN model by decreasing the coupling between the Trademark Clearinghouse (TMCH) and registries. The model is as follows:
- The TMCH generates and maintains a global public-private key pair and provides the public key to the registrars and registries. This can be done simply by publishing the public key on the TMCH website. This website should be provided over HTTPs using a digital certificate from a reputable certificate authority. The DNS records associated with this website should be protected using DNSSEC. We believe that there are no issues with security of the public key and anyone in the world can have access to it.
- Once the TMCH has authenticated the trademark information provided by the trademark holder, and validated the use requirements for eligibility to participate in sunrise, the TMCH signs the sunrise (trademark) data with its private key. The digitally signed information is referred to as the ‘Signed Mark Data’ (SMD) and is provided to the mark holder. Typically, this would be in the form of a file download from the TMCH website. The SMD includes all of the domain labels (domain names) possible to be used in registrations for the validated trademark (IDN variants excluded).
- As each TLD begins its sunrise phase, the mark holder selects a registrar and provides the registrar with the SMD as part of an application for a name within the applicable sunrise period. The registrar (or its reseller) has the ability, if it chooses to, to validate the information using the TMCH public key and then forward the information to the registry to create the application.
- The registry verifies the signature of the SMD with the public key and verifies that one of the labels within the SMD matches the domain label being registered. The registry may also then verify any other information in the SMD to ensure it is consistent with the registry’s sunrise eligibility policies. The application, or domain name, is then created.
- At the closure of the sunrise round, the registry operator will then make allocations of domain names.
- The registry notifies the TMCH of the registered domain names for the purpose of notifying mark holders about the fact that a name was registered that matches their mark as well as reporting purposes. These notices will be referred to as ‘Notification of Registered Name’ notices (NORN). We believe that a daily upload of registered names to the TMCH is sufficient for the purpose of generating NORN notices.
This solution also works for those that are conducting 'first come – first served' style sunrise processes."[52]
Raises Questions on Security & Readiness[edit | edit source]
In late March 2013, Verisign sent ICANN and the U.S. Dept. of Commerce a report analyzing the readiness of ICANN to safely implement its New gTLD Program. The 21 page document covered a large variety of issues but focused on readiness and potential weak points in the program and the implementation of New gTLDs. Many speculated at reasons beyond public welfare for the report being issued, such as an interest in delaying the program due to its vested interest in the .com market dominance. Still, Verisign has over 200 new gTLD clients that are looking towards implementation in order to start profiting from or otherwise utilizing their applied-for extensions. ICANN's CEO, Mr. Fadi Chehadé, defended the organization's readiness and noted that the report contained no new information or areas that have not been addressed, stressing that the program was continuing on schedule with an acute attention to all matters of security.[53]
Security Breach[edit | edit source]
As per routine for public companies, Verisign filed a quarterly 10-Q with the SEC in October 2011. The form contains a section for security issues that could compromise the company, in which Verisign disclosed a 2010 hack that affected limited parts of their computers and servers. While the disclosure suddenly got a lot of attention months later, one commentator argued that it was merely a "minor network breach".[54] Verisign has since reaffirmed that the DNS was not compromised.[55]
Selling Authentication Services Business to Symantec[edit | edit source]
Verisign's previous logo, a check mark and the tag "VeriSign Secured", is one of the most trusted marks of secured websites. Even though providing Internet security was an initial objective of the company, Verisign shifted its priority over time to website management and its domain registration business.
Verisign began by selling some of its services piecemeal. Finally, in May 2010, Verisign sold the entire division to Symantec for 1.28 million.[4] Because of this deal, Symantec now has the right to VeriSign's authentication logo and the "VeriSign Secured" tag for SSL certification. Verisign's Security Services included managing services such as firewalls, intrusion detection and prevention, vulnerability protection, etc. It also provided global security consulting, email security, authentication and digital certificate/SSL validation, and Extended Validation (High Assurance) SSL Certificates.
BulkRegister Accusations[edit | edit source]
In May 2002, BulkRegister sued Verisign for domain slamming.[56] BulkRegister claimed Verisign "engaged in unfair practices" with a recent marketing campaign that attempted to get domain owners to use Verisign to renew their existing policy. In 2003, Verisign was found not to have broken the law and as a result did not need to pay any fines. However, Verisign was barred from suggesting domain renewal or expiration prospects.[57]
Waiting List Service (WLS)[edit | edit source]
On December 30, 2001, Verisign proposed the implementation of the Waiting List Service (WLS) to ICANN's DNSO. Based on its proposal, the WLS will provide registrants with the opportunity to reserve preferred domain names that are currently registered by other subscribers. Registrars will directly reserve and transact with Verisign to reserve the domain name under the WLS. A domain name will only be transferred to an individual who made the reservation if the original owner submitted a request to delete the domain name. Verisign proposed a $35 fee for the service.[58]
Verisign revised its WLS proposals twice in response to public comments and discussions with registrars and other organizations, on January 28, 2002, and March 20, 2002, respectively.[59] [60] Despite objections, on August 23, 2002, ICANN approved the renegotiation of Verisign's .com and .net registry agreement to incorporate the proper amendments for the implementation of the WLS for 12-month trial periods. The final subscription fee was $24.[61]
On January 26, 2004, ICANN General Counsel and Secretary John Jeffrey sent Verisign the Conclusion of the Negotiation regarding ICANN's conditions prior to the implementation of the WLS wherein a special provision stated that the amendments made to the .com and .net registry needed approval from U.S. Department of Commerce (DOC).[62] The implementation of the WLS was delayed due to Verisign's failure to seek approval from the DOC and to make necessary changes to its .net registry agreement.[63]
Verisign filed a legal case against ICANN on February 26, 2004. The company accused ICANN of seriously abusing its technical coordination function by requiring Verisign to stop its Site Finder Service to the .com and .net domain name space. The company also noted the delay of the implementation of the WLS and the inclusion of new procedures not required by the 2001 .com and .net registry agreements, such as the price reduction for the WLS service. According to Verisign, the conditions benefited the different ICANN constituencies but were unfavorable to the company. Furthermore, Verisign pointed out that ICANN denied the company the ability to profit by delaying the WLS while other companies were able to offer similar services to Internet users.[64]
United States District Court Judge Howard Matz dismissed the lawsuit on August 26, 2004. According to the judge, Verisign failed to provide sufficient evidence to prove its anti-trust complaint against ICANN.[65] Verisign elevated the case to the Superior Court of California in Los Angeles,[66] and the two parties settled the lawsuit on February 28, 2006. The settlement permanently killed the WLS.[67]
Infrastructure Research Grant Program[edit | edit source]
The Infrastructure Research Program was launched by Verisign in 2010 as part of the 25th anniversary celebration of the .com TLD. The company awarded a total of $300,000 to four compelling infrastructure research projects. Each project was given $75,000 and the program concluded in October 2011. In January 2012, the company announced that it will award two new $200,000 infrastructure research grants to compelling projects concentrating on topics of internet access and global infrastructural challenges, particularly those in developing countries. Experts in technology and policy development who have made significant contributions in the growth of the internet industry will judge the research project proposals.[68]
History[edit | edit source]
- 1995 - RSA pioneered two-factor authentication and encryption, and Verisign was founded as a 'spin-off' of the RSA security technology to act as a certificate authority.[69]
- 1995 June - Verisign announced partnerships with Apple Computer Inc. and Netscape Communications Corp. to implement VeriSign's Digital IDs in their software products.[70]
- 1995 August - Verisign appointed Stratton Sclavos President and CEO.[71]
- 1996 January - Verisign introduced the first online digital certificate issue system at the RSA Data Security Conference in San Francisco.[72] Verisign also announced an agreement with Terisa Systems to develop a new and complete Internet security solutions.[73]
- 1996 January - Secure Email was launched. Verisign lunched Code Signing with Microsoft in March, 1996. In August, 1996, Microsoft and Verisign announced the availability of client authentication technology for Microsoft IE users by using Verisign Digital IDs. [74]
- 1997 - the First Internet Commerce Transactions Linking Europe, Asia, and the United States was conducted by Verifone and Verisign.[75] The United States Department of Commerce approved VeriSign's plans to issue new Verisign Global Server IDs in June 1997, which allowed 128-bit encryption.
- 1997 - VeriSign filed to raise $40 million for its public stock.[76] On January 10, 1998, VeriSign went public.[77]
- 1998 October - Verisign released a fully integrated PKI platform, OnSite 4.0.[79]
- 1998 November - Verisign offered Y2K testing certs for free.
- 1998 December - Verisign introduced digital certificate service for Wireless Application Protocol (WAP) servers and gateways.[80]
- 2000 March - Verisign acquired Network Solutions for $21 billion USD, which was the largest Internet purchase to date.[81][82]
- 2003 November - Verisign sold Network Solutions to Pivotal Private Equity for about $100 million.[83]
- 2005 May - Verisign introduced a new 2048 bit VeriSign Class 3 Secure Server CA which was used to sign Secure Site Certificates obtained from their website for IIS web servers.[84]
- 2005 November - Verisign sold their online payment service, used in conjunction with Paypal, to eBay for approximately $370 million.[85]
- 2006 December - Verisign introduced Extended Validation SSL Certificates, standard practices for certificate validation and display approved by a group of leading SSL Certificate Authorities and browser vendors.[86]
- 2007 November - Verisign announced plans to divest in its slower growing units and invest more in website naming and Internet security services. Projections suggested that these steps would cut Verisign's workforce in half.[87]
- 2008 - Verisign sold its global Digital Brand Management Services business for US$50 million to MelbourneIT.[88]
- 2009 May - Stratton Sclavos stepped down from his positions as CEO of Verisign and William Roper Jr. was named to that position.[89]. Later, Jim Bidzos, the founder of Verisign was appointed as the CEO and President.[90]
- 2010 May - Verisign sold the entire Authentication Services division to Symantec for 1.28 million.[4] Because of this deal, Symantec now has the right to Verisign's old logo and the "VeriSign Secured" tag for SSL certification.
- 2010 August - Verisign announced that it would move its headquarters from Mountain View, California to Reston, Virginia within the coming year. The move was explained given that 95% of the company's business is based on the East coast.[91]
- 2011 July - Mark McLaughlin resigned from his position as CEO. He worked with Verisign since 2000, and had been CEO since 2009. Following Mr. McLaughlin's departure, Founder, Chairman, and former CEO Jim Bidzos resumed his duties as CEO.[92] Another prominent executive, CFO Brian Robins, resigned in September, 2011. This happened as Verisign's stocks suffered and rumors of a buyout started circulating.[93]
- 2011 October - Verisign submitted its plan for a new Verisign Anti-Abuse Domain Use Policy for approval by ICANN. The policy would allow Verisign to scan domains in the .com, .net, and .name namespaces for malware, as well as to create a suspension system for sites knowingly hosting malware. These scans would be conducted quarterly, and a registrar would be able to opt out.[94] The policy would also allow Verisign to shut down websites at the request of law enforcement officials, and possibly for trademark interests.[95] The policy was deemed controversial, with concern about government involvement in the Internet, as well as concern from domain registrars regarding the blurring of lines between registries and registrars.[96] Two days after releasing the proposal, Verisign withdrew the request.[97]
- 2011 November - After the 2011 ICANN Board approval of a new gTLD program, it was announced that Verisign would pursue new IDN translations of it popular .com namespace.[99]
- 2013 February - Famous billionaire and investor, Warren Buffet, bought 3,685,700 shares of Verisign for $165 million.[101]
Acquisitions[edit | edit source]
- 1999 - Verisign aquires Thawte Consulting and Signio.[102]
- October 2000 - Verisign aquires GreatDomains.com.
- December 2001 - eNIC Corporation and the .cc registry.
- 2002 - HO Systems
- 2003 - Guardent
- 2004 - Unimobile and Jamba
- January 2005 - Verisign buys wireless photo messaging firm LightSurf for about $270 million.[103]
- May 2005 - Verisign buys Lightbridge, an ecommerce company[104] and also purchases R4 Global Solutions.
- July 2005 - Verisign aquires security intelligence specialist iDefense for $40 Million.
- March 2006 - Verisign anounced acquisition of Kontiki for $62 million.[105]
- May 2006 - Acquisition of GeoTrust Inc., for $125 million.[106]
- November 2006 - inCode Wireless.[107]
- March 2007 - Verisign aquires Network Solutions for approximately $21 billion in stock.[82]
References[edit | edit source]
- ↑ 1.0 1.1 1.2 Fact Sheet. Verisign.
- ↑ Internet Grows to More than 233 million Domain names In The First Quarter. Market Wire. Published 2012 July 13.
- ↑ VRSN. Yahoo! Finance.
- ↑ 4.0 4.1 4.2 UPDATE 2-Symantec close to buying VeriSign unit -- source. Reuters. Published 2010 May 18.
- ↑ Verisign, En.Wikipedia.org
- ↑ Com Passed 100 million mark in October
- ↑ Verisign Sites Pretty at 39 Registered Half of All Domain Names, Trefis.com
- ↑ Verisign’s Dropping .com And .net Is A Troubling Trend, trefis.com
- ↑ Registrars Increasing Prices more than the Verisign Price Increase, ElliotsBlog.com
- ↑ 10k Filing, Investor.Verisign.com
- ↑ Verisign Launches Uptime Bundle Combining DDoS Protection Managed DNS and Threat Intelligence, SecurityWeek.com
- ↑ Managed DNS, Products, LinkedIn.com
- ↑ Verisign Enters the Managed DNS Market, NetworkComputing.com
- ↑ Verisign Enhances Its Managed DNS Services, MarketWire.com Retrieved 15 November 2012
- ↑ 15.0 15.1 Verisign Service Shields Small eTailers DDoS Attacks, ITworld.com Retrieved 15 November 2012.
- ↑ DDoS Protection Services, LinkedIn.com Retrieved 15 November 2012
- ↑ Verisign DDoS. Network World. Retrieved 16 November 2012.
- ↑ Verisign iDefense Security, Products, LinkedIn.com.
- ↑ Verisign iDefense, Agiliance.com. Published 23 February 2010.
- ↑ Frost Sullivan Recognizes Verisign for Security Services, CircleID.com. Retrieved 16 November 2012.
- ↑ Dakar42.ICANN.org
- ↑ Singapore41.ICANN.org
- ↑ SVSF40.ICANN.org
- ↑ Verisign Drops 150,000 on ICANN Singapore, DomainIncite.com. Published 23 May 2011.
- ↑ Bill Clinton to Address ICANN San Francisco Meeting, DomainNameWire.com. Published 13 January 2011.
- ↑ "ICANN report attacks VeriSign Site Finder service, Out-Law.com.
- ↑ ICANN asks VeriSign to suspend Site Finder service, Out-Law.com.
- ↑ VeriSign sues ICANN to restore Site Finder, CNet.com. Published 26 February 2004.
- ↑ Verisign, Inc. v. ICANN, ICANN.org.
- ↑ Verisign ICANN deal, TheRegister.co.uk. Puhed 25 October 2005.
- ↑ .com Registry Agreement Renewal, ICANN.org.
- ↑ ICANN gives Verisign’s .com contract the nod, DomainIncite.com. Published 25 June 2012. Retrieved 28 November 2012.
- ↑ ICANN to get $8 million more from new .com deal, DomainIncite.com. Published 27 July 2012. Retrieved 28 November 2012.
- ↑ 34.0 34.1 US probing Verisign price hikes, .com contract may be extended, DomainIncite.com. Published 25 October 2012. Retrieved 28 November 2012.
- ↑ Constituencies Blast ICANNs Closed Door Verisign Com Contract Renewal, DomainNameWire.com
- ↑ 36.0 36.1 Verisign Announces US Department of Commerce Approval of Newly Revised .com Registry Agreement, Verisign.com. Published 30 November 2012.
- ↑ Winners and losers in the new .com pricing regime, DomainIncite.com. Published 30 November 2012.
- ↑ Department of Commerce Approves Verisign-ICANN .com Registry Renewal Agreement, NTIA.doc.gov. Published 30 November 2012.
- ↑ Verisign: If New gTLD’s Are Successful We Might Be Able To Lift All Price Caps On .Com’s, TheDomains.com. Published 30 November 2012.
- ↑ General Information Regarding Designation of the Subsequent .net registry Operator, ICANN.org.
- ↑ ICANN Renews Verisign .net Contract, InternetNews.com. Published 5 July 2011.
- ↑ In Major Sub Verisign Refuses to Let ICANN Audit Net, DomainIncite.comPublished & retrieved 11 Jan 2012
- ↑ .company .network Domain Names, Sina.com. Published 20 December 2011.
- ↑ Verisign Wants Com and Net, ManagingIP.com. Published 3 February 2011.
- ↑ 2011 Results Earnings Call Transcript, SeekingAlpha.com. Published 26 January 2012.
- ↑ Verisign Plans to Apply for About 12 New Top Level Domain Names, DomainNameWire.com. Published 26 January 2012.
- ↑ Verisign to Apply for a Dozen New gTLDs, DomainIncite.com. Published 27 January 2012.
- ↑ Breaking: Verisign has 220 new gTLD clients, DomainIncite.com. Published 26 April 2012.
- ↑ VeriSign is backend for 220 new TLD applicants and applies for 14 itself, DomainNameWire.com. Published 26 April 2012.
- ↑ The Registry Back end Market Numbers are In, DomainIncite.com. Published 17 June 2012.
- ↑ ICANN Verisign and Ntia Ready for 100 New gTLDs per week, DomainIncite.com. Published 8 November 2012.
- ↑ IP interests Should Join The Trademark Clearinghouse Meeting, DomainIncite.com. Published 5 October 2012.
- ↑ Chehade Says No Delay as Verisign Drops a Security Bomb, DomainIncite.com Published& Retrieved March 29 2013
- ↑ World notices Verisign Said 3 months ago They Had Security Breach, CircleID.com. Published 2 February 2012.
- ↑ Press Release, VerisignInc.com.
- ↑ BulkRegister Sues VeriSign for Slamming. Internet News. Published 2002 May 13.
- ↑ VeriSign slammed for domain renewal scam. The Register. Published 2003 September 25.
- ↑ Domain Name Wait Listing Service. ICANN. Published 2011 December 30.
- ↑ WLS Revision January 28, 2001. ICANN. Published 2002 January 28.
- ↑ WLS Revision March 20, 2002. ICANN. Published 2002 March 20.
- ↑ VeriSign WLS Proposal. ICANN. Published 2002 August 23.
- ↑ Conclusion of WLS Negotiations. ICANN. Retrieved 2004 January 26.
- ↑ International Chamber of Commerce International Court of Arbitration ICANN vs. Verisign. ICANN. Published 2004 November 12.
- ↑ Verisign Vs. ICANN. ICANN. Published 2004 February 26.
- ↑ U.S. Federal District Court Dismisses VeriSign's Anti-Trust Claim Against ICANN with Prejudice. PR News Wire.
- ↑ Verisign Re-files lawsuit against ICANN. Face Back. Published 2004 September 1.
- ↑ Settlement Agreement. ICANN. Published 2006 February 28.
- ↑ Verisign to Award New Infrastructure Research Grants. Circle ID. Published 2012 January 17.
- ↑ RSA and Verisign Team Up On Cloud-Based, Two-Factor Authentication Offering. RSA. Published 2009 October 8.
- ↑ VeriSign Inc. Announces Partnerships with Industry Leaders. The Free Library. Published 1995 June 22.
- ↑ VeriSign appoints Stratton D. Sclavos president and CEO. The Free Library. Published 1995 August 17.
- ↑ VeriSign, Inc. - Company Profile. Reference for Business.
- ↑ Verisign and Turisa Systems to Partner. The Free Library. Published 1996 January 16.
- ↑ Microsoft and VeriSign Announce Availability of Digital IDs For Microsoft Internet Explorer 3.0 User. Microsoft. Published 1996 August 13.
- ↑ VeriFone and VeriSign Conduct First Internet Commerce Transactions Linking Europe, Asia and the United States Through Global Security Standard. The Free Library. Published 1997 July 18
- ↑ VeriSign files to launch IPO. CNET. Published 2007 November 24.
- ↑ History of VeriSign, Inc.. Funding Universe.
- ↑ AirDefense Strengthens Management Team With IT Security Veterans. The Free Library. Published 2002 August 26.
- ↑ VeriSign Expands PKI Training and Consulting Services. The Free Library. Published 1998 October 13.
- ↑ Verisign Launches World's Most Comprehensive Digital Certificate Service for Wireless Web Servers. WAP Forum. Published 1999 December 21.
- ↑ Corporate History. Network Solutions.
- ↑ 82.0 82.1 VeriSign buys domain firm. CNN Money. Published 2000 March 7.
- ↑ VeriSign sells Network Solutions. Info World. Published 2003 October 16.
- ↑ National Do Not Call Registry. Bennadel. Published 2006 November 10.
- ↑ eBay spends $370 million for PayPal rival. CNET. Published 2005 October 10.
- ↑ How SSL Works. Verisign.
- ↑ VeriSign to divest slower units, sees staff halved. Reuters. Published 2007 November 14.
- ↑ Melbourne IT Buys VeriSign Assets. The Whir. Published 2008 May 1.
- ↑ http://blog.domaintools.com/2007/05/stratton-sclavos-ceo-of-verisign-steps-down. Domain Tools. Published 2007 May 29.
- ↑ Jim Bidzos back as chairman of VeriSign. IT Knowledge Exchange. Published 2007 August 22.
- ↑ Verisign Shifts Headquarters to Virginia. Biz Journals. Published 2010 August 27.
- ↑ Verisign CEO resigns. The Wir.
- ↑ VeriSign CFO quits. Domain Incite. Published 2011 September 8.
- ↑ VeriSign Proposes Takedown Procedures and Malware Scanning for .Com. Domain Name Wire. Published 2011 October 11.
- ↑ Of Canaries and Coal Mines: Verisign's Proposal and Sudden Withdrawal of Domain Anti-Abuse Policy. CircleID. Published 2011 October 14.
- ↑ Registrars not happy with VeriSign abuse plans. Domain Incite. Published 2011 October 12.
- ↑ VeriSign Withdraws Request for Domain Takedown. Domain Name Wire. Published 2011 October 13.
- ↑ Com Passed 100 million mark in October. Domain Incite. Published 2012 February 2.
- ↑ Afilias to Apply for Chinese .info. Domain Incite. Published 2011 November 8.
- ↑ ICANN gives Verisign’s .com contract the nod, DomainIncite.com. Published 25 June 2012. Retrieved 28 November 2012.
- ↑ Warren Buffet Invests in 165 million dollars into Domain Industry, TheDomains.com Published and Retrieved 15 Feb 2013
- ↑ VeriSign aquires Thwate and Signio. ZDNet. Published 1999 December 21.
- ↑ VeriSign to buy messaging firm LightSurf. CNET. Published 2005 January 10.
- ↑ VeriSign to Acquire Lightbridge's PrepayIN Technology Platform and Customer Base. Payment News. Published 2005 April 26.
- ↑ VeriSign to acquire Kontiki. ZDNet. Published 2006 March 13.
- ↑ Compliance and Privacy. Net Craft. Published 2006 May 17.
- ↑ VeriSign To Acquire inCode Wireless. Compliance and Privacy.