My guess is that noting will happen for now. It’s mostly a decision that ICANN working groups have to figure out. But given the current size of the .io zone and that we already have a non existing cctld (.su for Soviet Unite), I’m pretty confident it will exist in the mid-term future.
They have their own internal security team, that handles activation on a case by case basis. Some users need to verify at the beginning, some after a week and other do not have to verify at all.
As you can imagine, at that price point, people will abuse the sh* out of the platform. From public posts it lookalike the main indicators are:
- country you provided
- IP based Country
- Payment method
- Payment method returned country
- order size
- order pattern (something like spawn a server, abuse stuff, order new OR many servers at the beginning)
Sadly you just need to wait. I wish they would have other solutions. But for now that’s it :-/
As in: not that google decides to remove the domain, because you did not follow the requirements thing and only as “wasn’t there something” from my side.
We want to establish an alternative to Let’s Encrypt that is taking the core features and values from ISRG.
That’s not based on “bad US!1!”, more then a alternative would strengthen the ecosystem. This also means to create an alternative ecosystem like boulder.
The current challenges are mostly about incorporating the non-profit and structure it right. So that it’s as open as possible.
Motivation? To help shape the security landscape and bring much wanted features that are not viable for Let’s Encrypt to implement. Viable describes that boulder would require major rewrites for it to get implemented.
Specially we want to provide SMIME and .onion certificates.