https://hccf.onmy.cloud/wp-content/uploads/2026/06/dot-self....
> Everyone entitled to a subdomain at no cost
How are you going to pay for the (substantial) cost of running a TLD without registration fee revenue? Is this a loss leader for other services? Are you operating on a 100% donation model?
> No parking, squatting, or reselling
How do you plan to tell the difference between a parked/squatted domain and one in legitimate use but offering no public-facing services?
> How are you going to pay for the (substantial) cost of running a TLD without registration fee revenue? Is this a loss leader for other services? Are you operating on a 100% donation model?
We plan on operating the domain as a public good and are actively seeking sponsors to help fund us. Think of it as a similar model to ISRG and LetsEncrypt.
> No parking, squatting, or reselling
Our rule of one person per subdomain will hopefully prevent this at scale, though it will admittedly be more difficult to examine any particular domain so closely. We may have to implement some type of heartbeat where the owner of said domain has to respond within a certain amount of time.
> Think of it as a similar model to ISRG and LetsEncrypt.
In that case it was started by an institution (mozilla) with a lot of heft in the area (mozilla's CA program is one of the most broadly used) and was backed by other orgs (google) that had a vested interest in it's success. I'd be interested to hear which potential sponsors you see in a similar situation here?
> rule of one person per subdomain
What is the plan to (without costly overhead or cost to the end user) validate who is an actual person? Even large corporations with loads of resources have problems with this without resorting to treating it as if a person equals a credit card number.
> In that case it was started by an institution (mozilla) with a lot of heft in the area (mozilla's CA program is one of the most broadly used) and was backed by other orgs (google) that had a vested interest in it's success. I'd be interested to hear which potential sponsors you see in a similar situation here?
We are reaching out to companies who operate in the self-hosted space, academia, ISPs, registars, as well as digital rights orgs. We believe they would be aligned with this mission and ultimately benefit from such a TLD existing!
> What is the plan to (without costly overhead or cost to the end user) validate who is an actual person? Even large corporations with loads of resources have problems with this without resorting to treating it as if a person equals a credit card number.
There are a few emerging technologies we are evaluating to help with this but have not settled on one just yet. Whatever we choose, we will start small and go from there. Worst-case scenario, we start with the credit card approach and iterate. This will ultimately all be a part of the evaluation process we go through with ICANN.
To be honest it feels like these answers boil down to "we feel it'd be nice if this existed but we have no actual answers as to how to get it done".
---
To stick with your comparison: when letsencrypt and ISRG launched they had actual answers for how to deal with the hard challenges in their space:
A) how to get included in a trust roots (crossigning with IdenTrust at first and the knowledge and expertise of how to get included in the longer term)
B) Automated domain validation in a standardized way (ACME)
C) Long term commitments of sponsorships to ensure people could trust it would stick around
---
I wish you the best of luck, but I think this might have needed to bake a bit longer before publicizing.
You need to find a benevolent selfless soul who will sponsor you.
> Our rule of one person per subdomain will hopefully prevent this at scale
No it won’t. Spammers will just pay thousands of random people in poor countries to create their domain.
> We may have to implement some type of heartbeat where the owner of said domain has to respond within a certain amount of time.
A domain squatter is in an easier position to automate that than an amateur to not forget to respond.
How is one person per subdomain enforceable? How is a person uniquely identified and tracked?
My guess is by using ID verification similar to how I do it on https://onlyhumanhub.com/
So you have just built a wrapper around https://passportreader.app/, which itself is reading NFC enabled ID/passports from specific countries. The coverage map is here: https://passportreader.app/coverage.
Might be good to know that even in the US this approach would only work for ~50% of people, since a lot of people don't have passports. In most countries this does not work at all, since they don't issue NFC enabled ID/passports.
The "how it works" page for that website says that the ID data is "digitally signed by the issuing government". But there doesn't seem to be anything in the docs about how to get or verify that signature. So it seems like they are just asking users to trust them to do the verification.
> The coverage map is here: https://passportreader.app/coverage
Oh, cool! Russia is not on the list. Another service that excludes me just becasue I got lucky with the colour of my (NFC-enabled, biometric) passport.
On a less bitter note, I don’t think it’s that hard to build biometric passport validation. Face matching would be another thing, but for unregulated industries I don’t think you’ll need that, so why not grab some library from GitHub and be in control of the whole process? (You would still need to handle people without biometric passports somehow, of course.)
I'm curious about how this works, but it doesn't look like I can find out without creating an account. I see that it says "Link your existing social accounts to prove you're not a bot." How does having social media accounts prove I'm not a bot?
> How are you going to pay for the (substantial) cost of running a TLD without registration fee revenue?
Is it actually a substantial expense? The TLD itself only has to publish the nameserver records, which generally have a TTL of about a day. A DNS response is a few hundred bytes. Big DNS providers like Google and Cloudflare would make requests for every actively used domain every day, but then cache them. Smaller providers wouldn't cache as well but also wouldn't each request every domain every day. For e.g. a million personal domains, ballpark estimate is somewhere in the few TB a month of traffic. Maybe a little over personal hobby project money but definitely not outrageous for a small non-profit organization.
> How do you plan to tell the difference between a parked/squatted domain and one in legitimate use but offering no public-facing services?
This is the easy one. Squatters buy domains because they want to sell them. To sell them they have to make it publicly known to prospective buyers that the domain is available for sale. So then if anyone lists the domain for sale anywhere, you make them prove that they own it (which any actual buyer would also have to do in order to not get scammed) and when they do the domain is forfeit.
It's kind of sad that we don't do that for all domains. Domain squatters can go to hell.
Much of the cost here comes from compliance with the ICANN gTLD program structure, not from running the underlying technical infrastructure (which is not limited to DNS - you also need EPP/RDAP/etc). See https://www.icann.org/en/registry-agreements for (hundred+ page) documents outlining registry responsibilities. Registries can outsource some of this to an ICANN-accredited "registry service provider", but should expect to pay upwards of hundreds of thousands of dollars yearly for the privilege.
You can't do it in the general case.
Most TLDs need to allow domain transfers because projects do genuinely change ownership sometimes. If you allow transfers, you allow reselling by definition (because you can't physically determine whether cash changes hands).
This isn't like tickets, where "return to pool and let an interested party buy it" is a viable strategy. Tickets are fungible, domains are non-fungible.
If the focus of this is truly on one-per-person personal domains then you don't need to allow transfers and reselling. (Although you'll probably get a grey market of people just repointing DNS to someone else anyway, because if there's money to be had someone will take it)
> Most TLDs need to allow domain transfers because projects do genuinely change ownership sometimes.
That's fine. It's not the transferring that you punish, it's the offering for sale. Good luck squatting when publishing any solicitation to sell the domain is the thing that causes you to lose it. How many domains are you going to squat on and pay renewal fees for when you have no way to let the public know you're willing to sell them that won't cause you to lose them?
> This isn't like tickets, where "return to pool and let an interested party buy it" is a viable strategy. Tickets are fungible, domains are non-fungible.
What does fungibility have to do with whether you can return something to the pool? The lack of fungibility makes it work even better, because if you want a specific domain and you find someone squatting on it, you can report them advertising it for sale. When the registry verifies that the report is true then the person filing the original report can be given first crack at the domain when it goes back into the pool.
It costs ~$200,000 to apply for a TLD, and there's an ongoing renewal cost in the tens of thousands of USD.
For this application round, ICANN is running an Applicant Support Program, or ASP. The applicants seeking to apply for a TLD this round who qualify for the ASP will have a substantially reduced application fee, among other benefits. Our organization is one such org who has qualified for the ASP so we will not have to pay the full $227,000 application fee.
How much is the reduced fee then? As I understand it's somewhere between 75-85% less, which is still a lot of money.
Also, who is paying for the reduced fee, administrative and infra costs? And have you actually submitted gTLD application, or are you trying to crowdfund? Unclear to me.
The fee will fall on us to pay and the gTLD application window is open and our application is in progress. Yes we are crowdfunding (there is a donation link on our website and in the pamphlet) while also actively seeking partners to sponsor us.
If anybody is asking you "are you trying to crowdfund" and your answer is "yes,", you've clearly failed at conversion, marketing and UX design.
90+% of people who would be willing to sponsor this stuff will go "hmm, I wonder where they've taken their money from, not us I guess." Not everybody reads comments, even fewer post ones of their own.
Being on the front of HN is a great opportunity, I'm afraid you haven't used yours as well as you possibly could.
It's usually the clever cunts that try to deceive the investor by deploying an arsenal of marketing tactics. At least the organization in this case, is clear upfront.
That's definitely not a cartel then.
It's not clear whether they're actually talking about domains or subdomains there, which is a worrying sign from a potential registrar.
Any domain that isn't one of the Top Level Domains is also a subdomain.
Isn't the actual top level domain an empty one after TLD? Looking like «.com.» with trailing dot
I mean sure, but if you started talking about google.com as a subdomain, real humans would correctly look at you funny.
Is it really that expensive to run a TLD? Name servers are notoriously long running on ancient spec servers.
I’m guessing, if designed well, the registration process could run on lightweight infrastructure. Maybe $1-5k total per year, not counting time. So it’s enough for a fun hobby project.
Might be a public service? I guess many countries already had such a thing with running cost several order higher than such a thing as a TLD, operating for centuries now.
Countries have the loop of "taxpayers pay government -> government funds service -> service benefits taxpayers." You can't do that if you offer the service to the general internet.
Why not? I would happily see a fraction of my taxes go into such a project.