We plan on operating the domain as a public good and are actively seeking sponsors to help fund us. Think of it as a similar model to ISRG and LetsEncrypt.
> No parking, squatting, or reselling
Our rule of one person per subdomain will hopefully prevent this at scale, though it will admittedly be more difficult to examine any particular domain so closely. We may have to implement some type of heartbeat where the owner of said domain has to respond within a certain amount of time.
In that case it was started by an institution (mozilla) with a lot of heft in the area (mozilla's CA program is one of the most broadly used) and was backed by other orgs (google) that had a vested interest in it's success. I'd be interested to hear which potential sponsors you see in a similar situation here?
> rule of one person per subdomain
What is the plan to (without costly overhead or cost to the end user) validate who is an actual person? Even large corporations with loads of resources have problems with this without resorting to treating it as if a person equals a credit card number.
We are reaching out to companies who operate in the self-hosted space, academia, ISPs, registars, as well as digital rights orgs. We believe they would be aligned with this mission and ultimately benefit from such a TLD existing!
> What is the plan to (without costly overhead or cost to the end user) validate who is an actual person? Even large corporations with loads of resources have problems with this without resorting to treating it as if a person equals a credit card number.
There are a few emerging technologies we are evaluating to help with this but have not settled on one just yet. Whatever we choose, we will start small and go from there. Worst-case scenario, we start with the credit card approach and iterate. This will ultimately all be a part of the evaluation process we go through with ICANN.
---
To stick with your comparison: when letsencrypt and ISRG launched they had actual answers for how to deal with the hard challenges in their space:
A) how to get included in a trust roots (crossigning with IdenTrust at first and the knowledge and expertise of how to get included in the longer term)
B) Automated domain validation in a standardized way (ACME)
C) Long term commitments of sponsorships to ensure people could trust it would stick around
---
I wish you the best of luck, but I think this might have needed to bake a bit longer before publicizing.
No it won’t. Spammers will just pay thousands of random people in poor countries to create their domain.
A domain squatter is in an easier position to automate that than an amateur to not forget to respond.
Might be good to know that even in the US this approach would only work for ~50% of people, since a lot of people don't have passports. In most countries this does not work at all, since they don't issue NFC enabled ID/passports.
Oh, cool! Russia is not on the list. Another service that excludes me just becasue I got lucky with the colour of my (NFC-enabled, biometric) passport.
On a less bitter note, I don’t think it’s that hard to build biometric passport validation. Face matching would be another thing, but for unregulated industries I don’t think you’ll need that, so why not grab some library from GitHub and be in control of the whole process? (You would still need to handle people without biometric passports somehow, of course.)
Is it actually a substantial expense? The TLD itself only has to publish the nameserver records, which generally have a TTL of about a day. A DNS response is a few hundred bytes. Big DNS providers like Google and Cloudflare would make requests for every actively used domain every day, but then cache them. Smaller providers wouldn't cache as well but also wouldn't each request every domain every day. For e.g. a million personal domains, ballpark estimate is somewhere in the few TB a month of traffic. Maybe a little over personal hobby project money but definitely not outrageous for a small non-profit organization.
> How do you plan to tell the difference between a parked/squatted domain and one in legitimate use but offering no public-facing services?
This is the easy one. Squatters buy domains because they want to sell them. To sell them they have to make it publicly known to prospective buyers that the domain is available for sale. So then if anyone lists the domain for sale anywhere, you make them prove that they own it (which any actual buyer would also have to do in order to not get scammed) and when they do the domain is forfeit.
It's kind of sad that we don't do that for all domains. Domain squatters can go to hell.
Most TLDs need to allow domain transfers because projects do genuinely change ownership sometimes. If you allow transfers, you allow reselling by definition (because you can't physically determine whether cash changes hands).
This isn't like tickets, where "return to pool and let an interested party buy it" is a viable strategy. Tickets are fungible, domains are non-fungible.
That's fine. It's not the transferring that you punish, it's the offering for sale. Good luck squatting when publishing any solicitation to sell the domain is the thing that causes you to lose it. How many domains are you going to squat on and pay renewal fees for when you have no way to let the public know you're willing to sell them that won't cause you to lose them?
> This isn't like tickets, where "return to pool and let an interested party buy it" is a viable strategy. Tickets are fungible, domains are non-fungible.
What does fungibility have to do with whether you can return something to the pool? The lack of fungibility makes it work even better, because if you want a specific domain and you find someone squatting on it, you can report them advertising it for sale. When the registry verifies that the report is true then the person filing the original report can be given first crack at the domain when it goes back into the pool.
Also, who is paying for the reduced fee, administrative and infra costs? And have you actually submitted gTLD application, or are you trying to crowdfund? Unclear to me.
90+% of people who would be willing to sponsor this stuff will go "hmm, I wonder where they've taken their money from, not us I guess." Not everybody reads comments, even fewer post ones of their own.
Being on the front of HN is a great opportunity, I'm afraid you haven't used yours as well as you possibly could.
I’m guessing, if designed well, the registration process could run on lightweight infrastructure. Maybe $1-5k total per year, not counting time. So it’s enough for a fun hobby project.