Jump to content

Verisign: Difference between revisions

From ICANNWiki
No edit summary
No edit summary
Line 131: Line 131:
== Domain Slamming ==
== Domain Slamming ==
In May 2002, [[BulkRegister]] sued Verisign for [[domain slamming]].<ref>[http://www.internetnews.com/xSP/article.php/1121321/BulkRegister-Sues-VeriSign-for-Slamming.htm Internet News]</ref> [[BulkRegister]] claimed Verisign "engaged in unfair practices" with a recent marketing campaign that attempted to get domain owners to use Verisign to renew their existing policy. In 2003, Verisign was found not to have broken the law and as a result did not need to pay any fine. However, Verisign was barred from suggesting domain renewal or expiration prospects.<ref>[http://www.theregister.co.uk/2003/09/25/verisign_slammed_for_domain_renewal/ The Register.co.uk]</ref>
In May 2002, [[BulkRegister]] sued Verisign for [[domain slamming]].<ref>[http://www.internetnews.com/xSP/article.php/1121321/BulkRegister-Sues-VeriSign-for-Slamming.htm Internet News]</ref> [[BulkRegister]] claimed Verisign "engaged in unfair practices" with a recent marketing campaign that attempted to get domain owners to use Verisign to renew their existing policy. In 2003, Verisign was found not to have broken the law and as a result did not need to pay any fine. However, Verisign was barred from suggesting domain renewal or expiration prospects.<ref>[http://www.theregister.co.uk/2003/09/25/verisign_slammed_for_domain_renewal/ The Register.co.uk]</ref>
== Security Breach==
As per routine for public companies, Verisign filed a quarterly 10-Q with the SEC in October 2011. The form includes a section asking about any security issues that could compromise the company, and in this instance Verisign disclosed a 2010 hack into limited parts of their computers and servers. While the disclosure suddenly got a lot of attention months later, one commentator notes that it is not a big deal at all and seemed to be a "minor network breach".<ref>[http://www.circleid.com/posts/20120202_world_notices_verisign_said_3_months_ago_they_had_security_breach/ World notices Verisign Said 3 months ago They Had Security Breach, CircleID.com]</ref> Verisign has since reaffirmed that its [[DNS]] was not compromised.<ref>[http://verisigninc.com/en_US/news-events/press-room/articles/index.xhtml?artLink=aHR0cHM6Ly9wcmVzcy52ZXJpc2lnbi5jb20vZWFzeWlyL2N1c3RvbXJlbC5kbz9lYXN5aXJpZD1BRkMwRkYwREI1QzU2MEQzJnZlcnNpb249bGl2ZSZwcmlkPTg0Nzg2OSZyZWxlYXNlanNwPWN1c3RvbV85Nw%3D%3D&CMP=TW Press Release, VerisignINC.com]</ref>


== Site Finder Service and Issues with ICANN ==
== Site Finder Service and Issues with ICANN ==

Revision as of 18:33, 3 February 2012

ICANNWiki Platinum Sponsor
Type: Public
Industry: Internet, Communications, Registry
Founded: USA (1995)
Founder(s): Jim Bidzos
Headquarters: 487 East Middlefield Road,
Mountain View, CA 94043
Country: USA
Employees: 2,225
Revenue: $1.5 billion USD (2007)
Website: Verisigninc.com
Twitter: @VERISIGN
Key People
Jim Bidzos, Founder, Chairman, CEO

Pat Kane, SVP and GM of Naming Services
Keith Drazek, Director of Policy
Shane Tews, Global Public Policy, Senior Washington Rep.
Chuck Gomes, VP of Policy and Compliance

Verisign is an Internet infrastructure service provider. It is s based in Mountain View, CA and was founded in 1995. Verisign has offices in California, Washington D.C., Indiana, as well as Japan, India, Brazil, China, Australia, Switzerland, and the UK.

Its registry services include the provision of authoritative directory of:

It previously was famous for its authentication services, which included business authentication services such as implementing and operating secure networks, utilizing SSL protocol, encrypting transactions and communications, and user authentication services such as, identity protection , fraud detection, and public key infrastructure.[1] Those services were sold to Symantec in 2010.[2]

In October, 2011, Verisign's registry management for .com domains passed the 100 million mark.[3]

History[edit | edit source]

  • 1995 RSA pioneered two-factor authentication and encryption and Verisign was founded as a 'spin-off' of the RSA security technology to act as a certificate authority.[4]
  • June, 1995 Verisign announced partnerships with Apple Computer Inc. and Netscape Communications Corp. to implement VeriSign's Digital IDs in their software products.[5]
  • January, 1996 Verisign introduced the first online digital certificate issue system at the RSA Data Security Conference in San Francisco.[7] Verisign also announced an agreement with Terisa Systems to develop a new and complete internet security solution.[8]
  • January, 1996 Secure Email was launched. Verisign lunched Code Signing with Microsoft in March 1996. In August, 1996, Microsoft and Verisign announced the availability of client authentication technology for Microsoft IE users by using Verisign Digital IDs. [9]
  • 1997, the First Internet Commerce Transactions Linking Europe, Asia, and the United States was conducted by Verifone and Verisign.[10] The United States Department of Commerce approved VeriSign's plans to issue new Verisign Global Server IDs in June 1997 allowing 128-bit encryption.[11]
  • 1997 VeriSign filed to raise $40 million for its public stock.[12] On January 10, 1998, VeriSign went public.[13]
  • July, 1997 Verisign is acquired by SecureIT, a network security service company.[14]
  • October, 1998 Verisign released a fully integrated PKI platform, OnSite 4.0.[15]
  • November, 1998 Verisign offered Y2k testing certs for free.
  • December, 1998, Verisign introduced digital certificate service for Wireless Application Protocol (WAP) servers and gateways.[16]
  • In March, 2000, Verisign acquired Network Solutions for $21 billion USD, which was the largest Internet purchase to date.[17][18]
  • May, 2005 Verisign introduced a new 2048 bit VeriSign Class 3 Secure Server CA which was used to sign Secure Site Certificates obtained from thier website for IIS web servers.[20]
  • November, 2005 Verisign's payment gateway business, Paypal, was sold to eBay for approximately $370 million.[21].
  • December, 2006 Verisign introduces Extended Validation SSL Certificates, standard practices for certificate validation and display approved by a group of leading SSL Certificate Authorities and browser vendors.[22]
  • November, 2007 Verisign announced plans to divest in its slower growing units and invest more in website naming and internet security services.[23] Report shown these steps had cuthalf of its employeers.
  • 2008 Verisign sold its global Digital Brand Management Services business for US$50 million to MelbourneIT.[26]
  • In May 2010, Verisign sold the entire Authentication Services division to Symantec for 1.28 million.[27] Because of this deal, Symantec now has the right to Verisign's old logo and the "Verisign Secured" tag for SSL certification.
  • In July, 2011, Mark McLaughlin resigned from his position as CEO. He worked with Verisign since 2000, and had been CEO since 2009. Following Mr. McLaughlin's departure, Founder, Chairman, and former CEO Jim Bidzos resumed his duties as CEO.[28] Another prominent executive, CFO Brian Robins, resigned in September, 2011. This happened as Verisign's stocks suffered and rumors of a buyout started circulating.[29]
  • In October, 2011, Verisign submitted its plan for a new Verisign Anti-Abuse Domain Use Policy for approval by ICANN. The policy would allow Verisign to scan domains in the .com, .net, and .name namespaces for malware, as well as to create a suspension system for sites knowingly hosting malware. These scans would be conducted quarterly, and a registrar would be able to opt out.[30] The policy would also allow Verisign to shut down websites at the request of law enforcement officials, and possibly for trademark interests.[31] The policy was deemed controversial, with concern about government involvement in the Internet, as well as concern from domain registrars regarding the blurring of lines between registries and registrars.[32] Two days after releasing the proposal, Verisign withdrew the request.[33]
  • It was announced after the 2011 ICANN Board's of approval of a new gTLD program that Verisign would pursue new IDN translations of it popular .com namespace.[34]

Acquisitions[edit | edit source]

  • January, 2005 - Verisign buys wireless photo messaging firm LightSurf for about $270 million.[36]
  • July, 2005 - Verisign aquires security intelligence specialist iDefense for $40 Million.[39].
  • March, 2006 - Verisign anounced acquisition of Kontiki for $62 million.[40]
  • October, 2011, Verisign's registry management for .com domains passed the 100 million mark.[44]

Products and Services[edit | edit source]

Verisign provides its services through two divisions, its Internet Services division and the Security Service Division. The Internet Services division includes Naming & Directory Services such as domain name registration for .com and .net, and DNS-related and RFID services.

Verisign sold its Security Services to Symantec in May, 2010. Verisign's Security Services included managing services such firewalls, intrusion detection and prevention, vulnerability protection, etc. It also provided global security consulting, email security, authentication and digital certificate/SSL validation, and Extended Validation (High Assurance) SSL Certificates.

In January, 2012, Verisign raised the wholesale prices of .com and .net registration by 7%, increasing the price from $7.34 to $7.85. Registrars generally passed the price increase on to customers, and some used it as an excuse to raise their own prices beyond the 7% increase, with some increasing prices by 10 and 12 percent.[45]

Selling Authentication Services Business to Symantec[edit | edit source]

Verisign's logo, a check mark and the tag "VeriSign Secured" is one of the most trusted trademark of secured website. Even though providing internet security was the primary objective of the company, over time Verisign shifted its priority to website management and domain registration business.

Verisign began by selling some of its services piecemeal. Finally, in May 2010, Verisign sold the entire division to Symantec for 1.28 million.[46] Because of this deal, Symantec now has the right to VeriSign's logo and the "VeriSign Secured" tag for SSL certification.

Domain Slamming[edit | edit source]

In May 2002, BulkRegister sued Verisign for domain slamming.[47] BulkRegister claimed Verisign "engaged in unfair practices" with a recent marketing campaign that attempted to get domain owners to use Verisign to renew their existing policy. In 2003, Verisign was found not to have broken the law and as a result did not need to pay any fine. However, Verisign was barred from suggesting domain renewal or expiration prospects.[48]

Security Breach[edit | edit source]

As per routine for public companies, Verisign filed a quarterly 10-Q with the SEC in October 2011. The form includes a section asking about any security issues that could compromise the company, and in this instance Verisign disclosed a 2010 hack into limited parts of their computers and servers. While the disclosure suddenly got a lot of attention months later, one commentator notes that it is not a big deal at all and seemed to be a "minor network breach".[49] Verisign has since reaffirmed that its DNS was not compromised.[50]

Site Finder Service and Issues with ICANN[edit | edit source]

Verisign launched Site Finder September, 2007, which caused a user to be redirected to its Site Finder search engine after the user attempted to access an unregistered address. ICANN published a report against this policy stating "Verisign violated architectural principles, codes of conduct and good practice." ICANN had declared Site Finder in violation of Verisign's contracts for running the master address lists for .com[51] Later, ICANN asked Verisign to suspend its Site Finder service.[52]

In October,a hearing took place place in Washington, D.C. to review technical issues with the U.S. Department of Commerce, which gives permission to Verisign to operate the DNS for .com and .net; VeriSign subsequently shut down the service.

Later, in February 2004, Verisign sued ICANN claiming it had unlawfully been prevented from adding new features to .com and .net.[53]. In August 2004, the claim was moved from federal to California state court. [54] Eventually, in late 2005, Verisign and ICANN announced a proposed settlement introducing terms for new registry services in the .com registry.

The documents of these agreements are publicly available at ICANN's official website and can be viewed here. It should be mentioned that the terms of these agreement were subject to public criticism.

Also, in other domain name negotiations with ICANN, Verisign traded the .org TLD in return for continued rights over .com. In mid 2005, when Verisign's contract for operation with .net expired, Verisign and 5 other companies bid for it. Verisign was supported by renowned IT companies like Microsoft, IBM, Sun Microsystems, and MCI. Finally, on June 8, 2005 ICANN announced that Verisign had been approved to operate .net until 2011.[55]

New gTLDs[edit | edit source]

In December, 2011, weeks before the opening of ICANN's new gTLD program, the Chinese national registry, CNNIC, announced that it was applying for the IDN equivalents of .company, and .network.[56] This move was seen as potentially problematic given Verisign's own plans to seek the IDN equivalents of their .com and .net TLDs; Verisign has perviously said that they will apply for all transliterated versions of .com and .net.[57] Verisign's Pat Kane later added, in January, 2012, that the company was planning on applying for "about 12" new gTLDs, and noted that most of these were going to be transliterations of .com.[58] Confirmed languages that will be applied for include Japanese, Hangul, Chinese, Cyrillic, Arabic, and Hebrew.[59] At that time it was also noted that Verisign had already been chosen to provide registry services for several .brand initiatives.[60]

References[edit | edit source]

  1. Yahoo! Finance
  2. Reuters
  3. Com Passed 100 million mark in October
  4. RSA
  5. bnet
  6. AllBusiness.com
  7. Reference for Business
  8. High Beam
  9. Microsft.com
  10. Highbeam.com
  11. University of Columbia
  12. Cnet.com
  13. Finding Universe
  14. The Free Library
  15. The Free Library
  16. Wap Forum.org
  17. Corporate History, NetworkSolutions.com
  18. Verisign Deals, Money.CNN
  19. Info World
  20. VeriSign
  21. Paypal-Media.com
  22. VeriSign.com
  23. reuters
  24. Domain Tools.blog
  25. IT Knowledge Exchange
  26. The Web Host Industry Review
  27. Reuters
  28. Verisign CEO resigns, The WHIR
  29. VeriSign CFO quits, DomainIncite.com
  30. Domain Name Wire: VeriSign Proposes Takedown Procedures and Malware Scanning for .Com
  31. CircleID: Of Canaries and Coal Mines: Verisign's Proposal and Sudden Withdrawal of Domain Anti-Abuse Policy
  32. Domain Incite: Registrars not happy with VeriSign abuse plans
  33. Domain Name Wire: VeriSign Withdraws Request for Domain Takedown
  34. Afilias to Apply for Chinese .info, DomainIncite.com
  35. ZDNnet
  36. CNet
  37. News Blaze.com
  38. Pharmamanufacturing.com
  39. Silicon.com
  40. ZDNet.com
  41. Net Craft.com
  42. Compliance and Privacy
  43. CNNMoney
  44. Com Passed 100 million mark in October
  45. REgistrars Increasing Prices more than the Verisign Price Increase, ElliotsBlog.com
  46. Reuters
  47. Internet News
  48. The Register.co.uk
  49. World notices Verisign Said 3 months ago They Had Security Breach, CircleID.com
  50. Press Release, VerisignINC.com
  51. "Out-law.com
  52. Out-law.com
  53. CNet News
  54. ICANN.org
  55. [1]
  56. Tech.Sina.com
  57. Verisign Wants Com and Net, ManagingIP.com
  58. 2011 Results Earnings Call Transcript, SeekingAlpha.com
  59. Verisign Plans to Apply for About 12 New Top Level Domain Names, DomainNameWire.com
  60. Verisign to Apply for a Dozen New gTLDs, DomainIncite.com