Google’s fourth open new gTLD, .app, is launching its Sunrise period on 29 March for almost 5 weeks.
.app is billed as a more secure domain for apps. From games to news to education to business, .app is aimed at being the perfect home to promote apps on the web and a great place to showcase a unique and trustworthy destination.
The important dates for .app are:
- 29 Mar to 1 May: Trademark holders can register .app domains during the Sunrise period
- 1 May to 8 May: Anyone can register available .app domains for an extra fee (known as the “Early Access” period).
- 8 May onwards: General Availability commences and anyone can register available .app domains.
There will also be a claims period that will run indefinitely, during which trademark owners will receive notification when their marks are registered as domains.
The .app new gTLD will also have the added security protocol of HSTS for all domain names registered under it.
“The HTTPS Strict Transport Security (HSTS) preload list is built in to all major browsers (Chrome, Firefox, Safari, Internet Explorer/Edge, and Opera)”, explained Google in a post on their security blog. “It consists of a list of hostnames for which browsers automatically enforce HTTPS-secured connections. For example, gmail.com is on the list, which means that the aforementioned browsers will never make insecure connections to Gmail; if the user types http://gmail.com, the browser first changes it to https://gmail.com before sending the request. This provides greater security because the browser never loads an http-to-https redirect page, which could be intercepted.”
“The HSTS preload list can contain individual domains or subdomains and even top-level domains (TLDs), which are added through the HSTS website. The TLD is the last part of the domain name, e.g., .com, .net, or .org. Google operates 45 TLDs, including .google, .how, and .soy. In 2015 we created the first secure TLD when we added .google to the HSTS preload list, and we are now rolling out HSTS for a larger number of our TLDs, starting with .foo and .dev.”
“The use of TLD-level HSTS allows such namespaces to be secure by default. Registrants receive guaranteed protection for themselves and their users simply by choosing a secure TLD for their website and configuring an SSL certificate, without having to add individual domains or subdomains to the HSTS preload list. Moreover, since it typically takes months between adding a domain name to the list and browser upgrades reaching a majority of users, using an already-secured TLD provides immediate protection rather than eventual protection. Adding an entire TLD to the HSTS preload list is also more efficient, as it secures all domains under that TLD without the overhead of having to include all those domains individually.”
HSTS is a step on from HTTPS. “Connections to websites are encrypted using HTTPS, which prevents Web traffic from being intercepted, altered, or misdirected in transit. [Google] have taken many actions to make the use of HTTPS more widespread, both within Google and on the larger Internet.”
In all there were 13 applications for .app including from Afilias, Amazon and Nu Dot Co (which was the vehicle through which Verisign obtained .web). In the end, Google won with a bid of $25,001,000, the third highest amount paid for a new generic top level domain behind GMO Registry’s bid of $41,501,000 for .shop and Nu Dot Co’s $135,000,000 for .web.
Google applied for over 50 new gTLDs including their own .google and .goog. They have also launched .how and .soy to the general public. Looking ahead, Google also has plans to launch .dev in 2018, but hasn’t publicly announced dates yet.