|
Some peoples' concerns are security related. For instance, say a user tries to use a username and password to log into a fictional bank's website, but they mistype the URL (or maybe the URL is created improperly by a CGI or somethiing):
https://www.fictonalbank.com?user=someuser&password=trustno1
...this non-existent domain would take them to Verisign's redirect page on their webserver, and consequently their server logs would contain the username and password to access that bank account, as well as a domain name that is easily correctable for a human. These logs aren't so hard to get to on some servers.
A similar problem is if you mistype someone's domain in their e-mail address... the e-mail will go to Verisign. Some people don't like that. Even if Verisgn sends a "Mail could not be delivered" notice, are they deleting the e-mails? Saving the return addresses for SPAM lists? Who knows?
These are only two examples, there are others. Personally, I think it's Bad Idea for them to break the way the Internet is supposed to work. It's important for web browsers, e-mail apps, ftp software, and custom apps to know when they have not reached a real domain, so they can take corrective action. Verisign's change makes that job much harder, and in some cases impossible.
__________________
Hot Pastrami!
|