How Did .agakhan, .ismaili and .imamat Get Their Own TLDs?
Original: How did .agakhan, .ismaili and .imamat get their own TLDs?
Key topics
The intrigue surrounding bespoke top-level domains (TLDs) like .agakhan, .ismaili, and .imamat has sparked a lively debate, with one commenter quipping that securing such a domain is as simple as "pay[ing] the consultants and lawyers, then ICANN." As it turns out, the Ismaili Imamat, a supra-national entity representing the succession of Imams, is behind some of these unique TLDs, and others, like .va for the Vatican and .lds for the Mormon faith, have also made the cut. While some commenters pointed out that the Vatican's status as a country (albeit a peculiar one) grants it a country-code TLD, others argued that the distinction is moot, as it's "perfectly ordinary for religious institutions to operate a TLD." The discussion has also veered into more esoteric territory, with one commenter musing about the potential for the Bektashi Sufi Order to become the world's second "micro-nation" with its own TLD.
Snapshot generated from the HN discussion
Discussion Activity
Very active discussionFirst comment
N/A
Peak period
88
0-6h
Avg / period
20
Based on 160 loaded comments
Key moments
- 01Story posted
Aug 29, 2025 at 3:15 PM EDT
4 months ago
Step 01 - 02First comment
Aug 29, 2025 at 3:15 PM EDT
0s after posting
Step 02 - 03Peak activity
88 comments in 0-6h
Hottest window of the conversation
Step 03 - 04Latest activity
Sep 1, 2025 at 10:34 PM EDT
4 months ago
Step 04
Generating AI Summary...
Analyzing up to 500 comments to identify key contributors and discussion patterns
Want the full context?
Jump to the original sources
Read the primary article or dive into the live Hacker News thread when you're ready.
As is, your question is practically impossible to answer without just pointing you to the ICANN process.
(https://ismaili.imamat/#introduction)
The Aga Khan is the leader of the Ismaili Imamat.
They have as good a claim to a TLD as Berlin, if not more.
https://en.m.wikipedia.org/wiki/.uk
(Or did I miss an "/s"?)
The one which is the global seat of the Roman Catholic Church, which has existed since ancient times including for a time without any territory after the Papal States were lost, which is internationally sovereign, and the one to which ambassadors to the "Vatican" are accredited is the Holy See, not the Vatican City State.
The one that has .va is Vatican City State, which was created only in 1929 by the Lateran Treaty between the Holy See and the (then-)Kingdom of Italy. That treaty was signed to return a certain degree of independent territorial authority to the Holy See, including the Vatican City State where it has full sovereignty, to give financial compensation to the Church / the Holy See for the loss of the Papal States, and to address a few other matters.
Yes, the Vatican City State is under the governance of the Holy See as a sovereign entity, but it's the Holy See that's sovereign, not the Vatican City State - and the Holy See would remain legally intact if the Vatican City State were to be physically conquered by a foreign power.
ISO country codes which lead to ccTLD domain names like .va are often given more on the basis of internationally recognized/relevant territorial definition than on the basis of international recognized/relevant sovereignty where those two things diverge. After all, the British Indian Ocean Territory has never itself been sovereign under that name, and Taiwan's international sovereignty is a controversial question, but .io and .tw ccTLDs were still assigned and are universally recognized. it's for the same reason that .va goes with the territory and not with the global church.
It is smaller than high school campus nearest my house, is not a UN member, and seems to exist solely as a tax haven.
It also has no native citizens. No person has been born in Vatican City in a century and even if you pop out a baby in Vatican City and are you yourself a Vatican City resident and citizen, the baby is not a citizen until made so by legal decree, citizenship which ends the second your employment ends, of course, because citizenship is tied to employment.
It doesn't make sense.
It isn't a country.
It is a tax dodge.
My perspective may be skewed. I value "quirky quirks of quirktastic history" very little.
Who are the people of the Vatican? The only persons who live there are temporary government employees and not even all of them are citizens because that is optional.
You cannot own property, vote for your government, start your own business, go to school, buy anything except what is stocked in the small canteen, or go to the hospital if you are a Vatican citizen and odds are pretty good you live in Italy anyways.
Imagine if a bank drew a boundary around its Manhattan skyscraper headquarters and declared itself a country called Bankistan whose only residents were janitors, financial analysts, and management-- and most of its citizens live in Brooklyn. Except for the C-suite and senior vice presidents who live in penthouses and the janitors who live in tiny rooms in the basement.
Also the second the bank fires you or you quit or retire, you're no longer a citizen of Bankistan.
At a minimum, a capital-see (heh) Country is something that belongs to you if but in a very, insignificantly, small part.
So my definition of "country" is ill-defined but does not include the Vatican.
Ultimately, whether you get to act like a country (go to the UN, engage in diplomacy, hold territory) is in large part based on whether other countries recognize you as such. I don't know that it defines country-hood but it's part of the puzzle.
The Vatican is a fascinating example since it's clearly a very different sort of entity than the rest of the countries, yet is still recognized by most of the world's nations.
It works out pretty well for everyone, so it continues.
Since countries are political divisions, I'd also argue that this is the main and most important definition.
BTW, even "continents" suffer from this where in the US, Europe and Asia they are defined differently.
It isn't a country and nobody says that it is. The Holy See is sovereign entity with unique status under international law; the status of the Vatican City is derived from the status of the Holy See. It enjoys that status because practically all countries believe that it should do so.
All relevant parties believe that the Vatican City should be treated as if it's a state, therefore it enjoys the rights and responsibilities of a state, even though it technically isn't one. That is fundamentally how international law works - it's a system of agreements between countries and practice established by historical precedent. The status of the Holy See and the Vatican City is quirky, but that doesn't make it illegitimate.
Well, the CIA says it is: https://www.cia.gov/the-world-factbook/countries/holy-see-va...
> The Holy See is sovereign entity with unique status under international law; the status of the Vatican City is derived from the status of the Holy See. It enjoys that status because practically all countries believe that it should do so.
I am only an amateur international lawyer, ask a real one for a more confident answer: but my own understanding is this-the subjects of international law are (1) sovereign states, (2) international organisations established by treaty, (3) sui generis entities; Vatican City is technically an instance of (1) and the Holy See is an instance of (3), and they are technically two distinct subjects of international law, despite having a common sovereign - at least, that’s what I’m pretty sure the Vatican’s own international lawyers will argue… as subjects of international law, both are capable of being parties to treaties, but (generally speaking) the Holy See joins treaties of global interest, Vatican City joins treaties regarding matters of local concern to its own territory. As to where they get this status from, the answer is-customary international law
It is considered an independent state because some time after the Papal States (a much larger set of holdings that were ruled by the Pope) were annexed by Italy, the Vatican was subsequently granted independence (recognized in a treaty between the Holy See and Italy). Which is pretty typical of why independent states are considered independent states.
The odd thing about giving the Bektashis a “Muslim Vatican”, is they are a tiny minuscule sect within Islam, and many conservative Muslims will say “they aren’t Muslims at all”
Also I think the Albanian plan is more on the lines of Mount Athos: it is technically an in independent administration with independent (monastic) government but still part of the Greek state
https://en.m.wikipedia.org/wiki/Monastic_community_of_Mount_...
Yes, but it was still like contemporary Iran - a country which happened to have a theocratic system of government, not a country whose sole raison d'être was to endow a religious group with the trappings of statehood.
> Also I think the Albanian plan is more on the lines of Mount Athos: it is technically an in independent administration with independent (monastic) government but still part of the Greek state
I don’t believe that is true - if you read Albanian PM Edi Rama’s statements on the topic, he always cites the Vatican as his inspiration, not Mount Athos - which makes sense given Rama himself is Catholic, not Orthodox. He isn’t proposing this idea out of any personal belief in Bektashi Islam… a cynic would say he is doing it because it is good PR both for his country and for him personally… he’d surely give more high-minded explanation, in terms of the Albanian state giving a magnanimous gift to the cause of interfaith tolerance and religious moderation… but definitely the model is the Vatican not Mount Athos
edit: source: https://icannwiki.org/.man
also: walmart applied for .george https://icannwiki.org/.george
https://slate.com/technology/2012/08/icann-top-level-domain-...
So, a quite expensive domain hack? Are they trending again? There's even a list on domainhacks.club
[1] https://newgtldprogram.icann.org/en/resources/faqs#6
I believe the only actual requirement is that it has to be 3 characters or longer, as two characters are reserved for countries.
Would be kind of cool, most attacked domain on the web, probably
Yearly fee: $25k
Technical backend with Verisign: $200k per year
Add maybe $100k of lawyer fees.
https://www.icann.org/en/registry-agreements?sort-column=top...
This is the kind of stuff you’ll see and know I hit the powerball
One of those criteria is that you actually do something with the gTLD — per their FAQ:
> ICANN expects all new gTLDs to be operational. One of the reasons ICANN is opening the top-level space is to allow for competition and innovation in the marketplace. The application process requires applicants to provide a detailed plan for the launch and operation of the proposed gTLD. gTLDs are expected to be delegated within one year of signing a registry agreement with ICANN.
A few highlights from the full evaluation criteria (https://newgtlds.icann.org/sites/default/files/evaluation-qu...):
- They will reject applications made by known cybersquatters
- They will reject your TLD string if it has rendering problems on major OSes (e.g. if its codepoints aren't covered by at least fallback fonts)
- They will reject your registration policies if they're incoherent or unenforceable
- They will reject your application on behalf of a community if you can't provide sufficient references establishing that you actually represent the interests of that community
- They will reject your application if you haven't outlined to their satisfaction a plan for continuity/migration of control of the gTLD from your organization to some other organization in case of the bankruptcy/dissolution/etc of your organization (note: this is a separate thing from the technical considerations of registry fail-over et al, which are more something that most applicants would have a technical registry partner fill out on their behalf)
---
In all, the process actually seems quite thorough — but as with regular domain-name registration, it's a default-accept, not a default-deny, policy. The more arbitrary gTLDs that have been established so far all just-so-happen to be "innocent" of all of the disqualifiers.
Specifically, I think, given the criteria, that any multinational company could probably expect to be able to acquire its own name and trademarks as gTLDs without much fuss; and recognized leaders/stewards of any major religion (or other non-country-endemic sociocultural group) could likely get any jargon term specific to that religion/subculture as a gTLD. Those two cases together cover most of the "weirdness" in approved applications.
One assertion I might make after reviewing the evaluation criteria, is that very few of the criteria look at the gTLD string itself. Almost any gTLD string is a potentially valid registration. Almost all of the evaluation process is set up to establish whether you, the applicant, have a valid claim for stewardship over the given gTLD string.
https://icannwiki.org/New_gTLD_Program:_Next_Round
Blame ICANN for allowing any public or private organization who can meet the requirements to buy and operate a gTLD back in 2012: https://newgtlds.icann.org/en/applicants/global-support/faqs...
And as per another comment in this thread, they’re doing another round of this in 2026: https://news.ycombinator.com/item?id=45068328
Now prioratizing unambiguos naming would be somewhat acceptable if ICANN was tacobell and just a steward of naming on the side.
If you are not a consumer on an ISP emulating dialup it is quite likely that a popular name in a naming convention I.e. 'mercury' resolves to something for you and something for someone at a different firm (mercury.intranet.[firm].not-so-stupid-tld). A cert is possibly not a fully qualified one so when ICANN gives away mercury you need to append .asshat to everything ICANN names.
(Two firms have an unambiguous situation because they don't trust each others private roots but they both trust a cert issued for the public trust as a fqdn which is why TLDs expanding is a form of theft/breakage against every intranet..)
The DNS naming confusion was largely dealt with by having a small number of TLDs and rarely referring to complex things like partially specified subdomains, but every once in a while a fool named their machine com, org, or net. (Though these as subdomains were far more toxic.)
If I understand correctly, the scenario is an internal machine named "george", which is being properly search-pathed and looked up as "george.example.org." with nothing leaking anywhere, becoming vulnerable to Walmart being able to issue certificates in the name "george", because the DNS client library's search pathing is not read out by the layers that simply know the machine as "george".
I'm not totally convinced by the premise here that certificate checkers never read out the final fully-qualified domain name from getaddrinfo().
HN is full of people from SaaS startups who in essence want to buy the perfect 900 number. But DNS and delegation goes far deeper than selling one name for $20 and going to other $20 names to store your code and email at other SaaS providers.
As for certs, AFAIK, you can't get a certificate for a non-fqdn from a public CA since 2015.
https://wiki.opennic.org/opennic/dot
1. A set number of slots should be opened every 10 years (e.g. 250 new gTLDs every ten years).
2. Entities submit bids for the gTLD slots, in terms of dollars. The 250 highest bids win.
3. If your entity wins a slot, you submit the gTLD you want, and there's a public comment period where claims against the gTLD being created are heard (e.g. if you own the copyright in some jurisdiction and someone else is trying to register it, submit a claim).
4. If it passes, your entity is allowed to register a set number of TLDs on the gTLD (e.g. 100) before anyone else gets access. This is what you bought: The fact that the gTLD exists, and the first 100 domain names on it without competition).
5. It then becomes a real gTLD.
Some variant of this is how it always should have worked, and entities like Google should be forced into a sophie's choice: They could fight .google indefinitely, win, and it'll never become a gTLD, or they could sponsor it, claim the first N domain names, but otherwise make it available to everyone. Of course, they might actually have valid jurisdictional claims against anyone else who tries to register a .google domain on copyright grounds, so maybe they fight and win in the courts against anyone who tries to use it; but the point is that it shouldn't be ICANN's decision.
Is the highest bidder really the best custodian of a tld?
Why have a quota of, as you say, 250 every 10 years? What does this do to help, what issues does it address?
Those are not particularly compelling examples in favor of such a thing.
The issue would occur in the suggested system when ICANN decides to one day stop creating 250 domain names down to 25 domain names or some such change that increases the value of the gtlds to ridiculous numbers only the wealthy/well-connected can afford.
Maybe if we'd always had .yahoo and .aol from the beginning these brand TLDs would be a big signifier of legitimacy and thus we'd be worried about how only big corporations can afford them, but not being able to afford one in our current universe is no handicap in my humble opinion.
But where do you draw the line? How do you decide if a company should be allowed to get a gTLD for their brand? Clearly, having a trademark is not sufficient, as it is possible to get a trademark on a common word, and it is possible for multiple companies to trademark the same word as long as there isn't a risk of confusing them. Is it fair to let google and microsoft get such TLDs for their brands, but not apple and amazon?
Because the problem is how can apple have a trademark on the word “apple”?
For me, the same rules should be enforced for trademarks because an apple orchard might also like to have a trademark but that’s difficult because “apple” is already a trademark.
Edit: as pointed out in the comments, this position doesn't take into account that trademarks are very much national and cultural.
Perhaps one day gTLDs will become free (once the gold rush is over) just as SSL/TLS certificates did with the arrival of Lets Encrypt.
E.g. Apple has a trademark in the context of technology but not in the context of farming
Whereas gTLDs are flat namespace
Should then only multi-national organisations be allowed to obtain gTLDs?
Obviously the ICANN price tag of USD227k is also a good entry barrier.
We all know how that turned out.
https://en.wikipedia.org/wiki/Apple_Records
A good example of this is the long running legal dispute between Apple Computer and Apple Music, who each held a trademark on "Apple" in their respective domains, and which prevented the Beatles from playing on iTunes for a decade...
It would be glorious.
I'm reminded when the people of the Amazon rainforest petitioned to own .amazon, but it was given to the US company.
In the late 90s, when NSF allowed Network Solutions to charge for domain names, people complained that they (now Verisign) had a monopoly, so after a number of fine lunches and dinners in far off exotic places (see https://en.wikipedia.org/wiki/IAHC), there was a proposal to create more top-level domains, created the registry/registrar split, proposed the Uniform Dispute Resolution Policy (primarily for Intellectual Property owners), etc. Then, the US government stepped in and started a process that led to the creation of ICANN.
The whole point of this exercise was to introduce competition into the domain name system. It did with the registry/registrar split and tried with the registries by having multiple rounds of a limited number of new top-level domains. However, the latter was kind of stupid (IMHO): the switching costs for changing TLDs is way too high for the existence of new TLDs to significantly impact Verisign's monopoly -- instead, it created a bunch of monopolies.
However, people weren't happy with the "limited number" part of ICANN's efforts to introduce competition in the TLD space, so in 2012, the ICANN community (which anyone can be a part of) opened the flood gates, removed the arbitrary restrictions on how new top-level domains could be created, and we now have over 1500 TLDs.
https://icannwiki.org/.george
do companies even use these in the wild or are they buying these TLDs for nothing? ".brother", ".canon", ".nokia", ".panasonic", ".playstation", ".xbox", ".xerox"... there's even ".sandvikcoromant", which is some sort of Swedish metalwork company.
Where have you seen .aws in use though?
[1] e.g. https://quantumai.google/
yeah if I had to guess there's too much that's already pointed at google.com and with their main business being leveraging cookie data for ad money I bet whoever in the org might think it'd be rad to switch to mail.google, search.google, android.google, etc. gets beaten over the head with a stack of $100 bills anytime he brings it up.
I wonder, would the other browser vendors agree to treat all of .google as one entity in terms of 'same domain rule' if Google promised they aren't selling subdomains to anyone else? I'm not aware of any TLD treated like that presently. So yeah, seems like the corporate domains, at least of adtech titans, will never be used for much but redirects.
There was also a George magazine, which... I think belonged to RFK (Senior)?
Just checked underpants.george and, disappointingly, it's not being used.
Canon does use .canon for a few things, at least.
https://global.brother/
To give a slightly ridiculous example (just for fun), just as someone could make pickyourown.apple they could also register tim.apple and start an excellent phishing campaign.
https://www.royal.uk/news-and-activity/2025-02-10/the-king-i...
https://icannwiki.org/.agakhan
https://icannwiki.org/.ismaili
https://icannwiki.org/.imamat
They may or may not have then had the evaluation fee refunded to them, under the Applicant Support Program (https://newgtldprogram.icann.org/en/application-rounds/round...).
12 more comments available on Hacker News