[dns-operations] Verisign's SEC filing
jim at rfc1035.com
Fri Feb 3 14:24:21 UTC 2012
On 3 Feb 2012, at 13:27, Andrew Sullivan wrote:
> The only plausible way of interpreting this is that Verisign doesn't
> actually know what was lost, and therefore it doesn't know what to
> look for in order to figure out whether it's been used.
Not necessarily. Verisign might well know more about this incident and
have been gagged by their lawyers. If Verisign were to volunteer more
info than the SEC's rules require, that might well open up a world of
lawsuits, Sarbanes-Oxley compliance checks, awkward questions from
their auditors, investigations by law enforcement or even Congress,
etc. These could of course still happen anyway. So Verisign's legal
and PR people may want to ensure the company can retain some degree of
control over those risks.
> This isn't a special case for Verisign: I'd expect any of the root
> operators and any of the TLD operators -- and I might extend this to
> any ICANN-accredited registrar -- to hold to the same standard.
Best of luck getting ICANN's compliance people to flex their muscles
on matters of registrar conduct. :-)
> In this case, we have the advantage that Verisign is a public
> company, so
> the SEC filing forces the revelation.
Well, yes. However what's been disclosed to the SEC so far does not
exactly give us a warm feeling.
More information about the dns-operations