.photo and .photos sounds like a domain spoofer’s dream.

Not much different than .com and .co, which already existed before the new TLDs.

The major difference is that ICANN got paid a large sum for both .photo and .photos, while .com is a legacy gTLD and .co is a ccTLD.

I would have added .img, .res, .txt, .src, .var, .dev, .etc, .bin, .lib, .bak, .dir, .key, and (of course) .log, as gTLDs without charging for them. But I guess that's why I don't work for ICANN.

I don't see why impose any restrictions aside from the country TLDs. We have enough letters, we could make TLDs affordable.

> we could make TLDs affordable.

As long as we throw out the whole 'memorable' part. Which has both branding and security implications.

We need to either commit to a limited set or unlimited set. Being stuck in between in the worst of both worlds. If it's unlimited we can treat domains more like phone numbers and rely on 'contact book' style systems for personal reference instead of memory. Which would help solve both branding/security issues.

You could even diff the URLs against your URL "contact books" (I'm trying not to say bookmarks), to warn against possible phishing too.

> If it's unlimited we can treat domains more like phone numbers and rely on 'contact book' style systems for personal reference instead of memory.

So then we can throw out the DNS and just use IP addresses or some IPFS-esque scheme.

Or use a federated contact book, such that a site operator could openly publish a memorable name, and those names could be propagated to others and given aliases.

...so then the nodes operated by the FAANGs would be authoritative just by virtue of popularity. Dangit.

I guess we're back to HOSTS files.

> As long as we throw out the whole 'memorable' part. Which has both branding and security implications.

We already have security implications, a domain name should never been the only proof.

Sounds like a huge burden on the root nameservers and basically a refutation of the whole merit of DNS right? I mean how can that be feasible. There are ~350 million domains registered so far, of course every one would want to be a TLD instead. So what do you mean by "affordable" -- how far down the list should it go?

I doubt that everyone would want a TLD, but given enough thought I'm sure a solution can be devised for the root server load problem.

phish.ing phis.hing phishi.ng etc

amusingly two of those are valid domains

Why not use raw IP adresses then? Even better: IPv6 adresses. There are 2^128 of them.

Well, I would if I could get a valid TLS cert for an IPv4(6) address, but there's also the problem that IP addresses are much harder to migrate from one provider to another compared to domain names.