The threat to universal Internet connectivity

See correction at end of article

On Sept. 15, 2003, engineers at Verisign pressed a button and launched SiteFinder, a service that directed Web users who mistyped .com or .net Web addresses to a VeriSign search engine rather than the usual “page not found” error message.

Within minutes, the new code rippled through the worldwide .com and .net domain name routing infrastructure, which VeriSign controls. Within hours, according to the Internet Corporation for Assigned Names and Numbers (ICANN), it had begun interfering with and in some cases rendering inoperable many spam filters, e-mail applications, and sequenced lookup services designed to expect the prior error message protocol.

Within days, a public outcry from the technical community and ISPs — who had scrambled to write work-arounds to the new code — forced ICANN to demand the withdrawal of the new service, claiming it “substantially interfered with some number of existing services” and “considerably weakened the stability of the Internet.” On the night of Oct. 4, VeriSign pulled the plug.

Future historians may call this episode the Pearl Harbor of the Web. For many, it was the strongest indication yet of a war that’s begun over the Internet’s future — a war that pits innovation against stability and security, commercial interests against technical communities and regulatory bodies, and proprietary initiatives against consensus protocols.

Site Finder exposed a key battleground: Should more intelligence be added to the Internet’s core to bolster performance and security, or will adding intelligence to the core clog up the Web, limiting innovation and undermining the so-called universal end-to-end connectivity principle?

“The commercialization of aspects of the network has led to forces like the VeriSign one, and of course, I’m not happy at all about that,” says Vint Cerf, senior vice president of technology strategy at MCI, and widely known as one of the fathers of the Internet for his role in designing the TCP/IP protocols. “They’ve gone in and changed the core functionality of the Net, and for most of us, that’s just unacceptable.”

Counters VeriSign’s CEO Stratton Sclavos: “People who believe that change at the core is not a good thing have good intentions … but perhaps have lost their way about the realities of what this network is today and what it must become.”

Goodbye to the end-to-end principle?

The VeriSign development came on the heels of other incidents that seemed to indicate the Internet’s vaunted end-to-end principle’s days were numbered. In August, some ISPs blocked Port 135 in response to warnings that hackers could use it to exploit a vulnerability in Microsoft Windows’ RPC (Remote Procedure Call) protocol. Although many enterprises and end-users had already blocked Port 135, some were still using it — for example, to connect Microsoft Outlook to Exchange Server — and found themselves cut off.