[dns-operations] Verisign's SEC filing

Jim Reid jim at rfc1035.com
Fri Feb 3 14:24:21 UTC 2012

On 3 Feb 2012, at 13:27, Andrew Sullivan wrote:

> The only plausible way of interpreting this is that Verisign doesn't
> actually know what was lost, and therefore it doesn't know what to
> look for in order to figure out whether it's been used.

Not necessarily. Verisign might well know more about this incident and  
have been gagged by their lawyers. If Verisign were to volunteer more  
info than the SEC's rules require, that might well open up a world of  
lawsuits, Sarbanes-Oxley compliance checks, awkward questions from  
their auditors, investigations by law enforcement or even Congress,  
etc. These could of course still happen anyway. So Verisign's legal  
and PR people may want to ensure the company can retain some degree of  
control over those risks.

> This isn't a special case for Verisign: I'd expect any of the root
> operators and any of the TLD operators -- and I might extend this to
> any ICANN-accredited registrar -- to hold to the same standard.

Best of luck getting ICANN's compliance people to flex their muscles  
on matters of registrar conduct. :-)

> In this case, we have the advantage that Verisign is a public  
> company, so
> the SEC filing forces the revelation.

Well, yes. However what's been disclosed to the SEC so far does not  
exactly give us a warm feeling.

More information about the dns-operations mailing list