The Era of .Whatever

ICANN has removed the barriers to the creation of new top-level domains. The distant future could be exciting, but the near term looks confusing.

A new policy from ICANN will soon open up the Internet to a theoretically infinite number of new Top-Level Domains. How much of a difference will it make?

In the short term, not a whole lot. In the long term it could have a big impact. I would argue it's likely to cause more trouble than benefit, but I'll have to get over that. The change was inevitable.

The new policy should open up the domain markets to commercial entities that want their own TLDs, such as .mac or .apple or .microsoft or .pepsi. Why use when we can have security.eweek? The ICANN press release mentions proposals for community domains such as .nyc or .berlin.

Currently, the number of TLDs is limited and the large majority of them are country code domains such as .us for the United States and .tc for Turks and Caicos. Click here for a complete list of TLDs. Mostly the list has been static; even .su, for the former Soviet Union, is still in use. A few new domains have been added in recent years for commercial purposes, such as .travel and .museum, and they have been total commercial losers.

I suppose there never will be another .com and a domain needn't be a failure just for being smaller than that, or even just for having a small base. I have no doubt that part of the motivation behind this is to keep the domain name bubble inflating by creating new grounds on which it can inflate. If nothing, you can expect trademark holders to buy large numbers of domains on any new and open TLDs in order to protect their names.

The near future will also bring us domain names, including TLDs, using internationalized character sets. These are known as IDNs, or Internationalized Domain Names. On the one hand the availability of these domains seems like simple justice and in line with ICANN's goals of internationalizing everything they can. But the problems this causes have been long-recognized. Consider the Homeograph Attack, from 2001, in which two researchers registered the domain name '' where the 'c' and 'o' in microsoft were in fact the Cyrillic characters. It's tough to type in, but easy to click on the link, or perhaps copy and paste.

At the request of ICANN, Paul E. Black, a computer scientist at the National Institute of Standards and Technology, developed a tool to "[c]ompute the visual similarity between a possible new Generic Top-Level Domain (TLD) and other proposed TLDs, current TLDs, and reserved words." How similar is .mi1 (that's a numeral '1', not the letter 'l') to .mil for military? The tool says 100 percent. Will someone be allowed to create a ..mi1 domain? Someone from China, maybe?

Normal people are going to be flat-out confused by this. They already are confused by any TLD other than .com, and even experts can be perplexed by some of them. Did you know there is a .jobs domain already? In this blog the editor of Domain Name Wire, a blog covering the domain name market and run by people with more than a passing familiarity with it, sees a billboard advertising and does a double-take before realizing that it's a domain name. In fact, doing .this and .that to a name is pretty much a marketing cliche already, so new names coming out of nowhere are likely not to be taken seriously.

Just as kids these days don't look at cell phones with wonder, some day, perhaps, the idea that just about anything can be a TLD will seem natural to people. But we're a long way from there and, for now, these names are more useful for illicit purposes than for new legitimate endeavors.

Security Center Editor Larry Seltzer has worked in and written about the computer industry since 1983.

For insights on security coverage around the Web, take a look at Security Center Editor Larry Seltzer's blog Cheap Hack