EP-XXX: Assign Ownership of the .kred TLD to Verified Multisig Controller

Abstract

This Executable Proposal requests that the ENS DAO assign ownership of the .kred top-level domain (TLD) to the multisig wallet:

0xb9ef2c160D908A4F7a9DFcdba46662C4a7EC4FD9

The proposing entity already owns and operates the ICANN .kred TLD and has demonstrated authoritative control of the DNS registry by publishing the ENS verification TXT record:

_ens.nic.kred TXT "a=0xb9ef2c160D908A4F7a9DFcdba46662C4a7EC4FD9"

This satisfies the ENS DNS-based proof-of-ownership mechanism and confirms legitimate authority over .kred.

Motivation

The .kred top-level domain is an active ICANN TLD. Establishing .kred within ENS via DNS-verified ownership expands ENS’s integration with traditional DNS namespaces and supports unified Web2 + Web3 identity infrastructure.

Benefits include:

• Cryptographic linkage between ICANN DNS and ENS
• Unified namespace for identity services
• Compliance with ENSIP-10 DNS integration standards
• Reduced end‑user confusion via namespace alignment

The target controller is a multisig wallet, ensuring secure and decentralized stewardship.

DNS Proof of Authority

The authoritative DNS TXT record published is:

_ens.nic.kred TXT "a=0xb9ef2c160D908A4F7a9DFcdba46662C4a7EC4FD9"

This demonstrates:

1. Control of the ICANN .kred zone
2. Intent to bind .kred to the supplied wallet
3. Compliance with ENS DNSSEC ownership‑verification standards

Specification

This proposal instructs the ENS Root contract to assign ownership of .kred to the verified multisig.

setSubnodeOwner(
    bytes32(0),                                    // The root node
    keccak256("kred"),                             // Label hash for .kred
    0xb9ef2c160D908A4F7a9DFcdba46662C4a7EC4FD9     // Verified controller multisig
);

Effects:

• Establishes .kred ENS ownership
• Enables registrar/resolver configuration
• Maintains continuity between DNS + ENS namespaces

Rationale

Assigning .kred to a multisig ensures secure long‑term stewardship and aligns with ENS precedent such as the .ceo TLD assignment.

The proposer has demonstrated verified ICANN authority via DNS TXT record publication, meeting ENS governance expectations for TLD integration.

Security Considerations

• Multisig reduces key compromise risk
• DNSSEC + TXT proof ensures strong ownership validation
• No new systemic risks to ENS
• DAO retains authority for future reassignment if required

Execution Payload

ENS.root.setSubnodeOwner(
    0x0000000000000000000000000000000000000000000000000000000000000000,
    0x46ccee32f62d02082b7b7f3da9a3a5e2c3f69f7d51f0cb0ea0f454b5f02b0f77, // keccak256("kred")
    0xb9ef2c160D908A4F7a9DFcdba46662C4a7EC4FD9
)

Proposal calldata security review - Draft

Hey @andrewhorn, welcome and thanks for the proposal.

We reviewed the calldata and identified a couple of adjustments needed in the call to ENS.root.setSubnodeOwner():

1. Extra parameter
   The first parameter bytes32(0) is not required by the contract interface and should be removed.

2. Incorrect label hash
   The label parameter appears to use an incorrect input on the hashing function.
   The correct label hash for the “kred” TLD is:
   0xe528c3cd6fdd088c4790dd1fb1db9962d86b4fc900da22c5f459f606ab5bfad2

All simulations and tests are available here.

To verify locally, clone the repository, check out commit e00eb2d, and run:

forge test --match-path "src/ens/proposals/ep-kred-tld/*" -vv

Next steps

We’ve created an updated draft on Tally with the corrected calldata:
this Tally draft

When the delegate submits the proposal on-chain, this draft should be used, as it is the version we tested and can guarantee matches the executed calldata.

Let us know if you’d like to adjust the proposal description and when you are planning to have it onchain so we can also update the title numbering accordingly.

This is now live for voting: Tally | ENS | Assign Ownership of the .kred TLD to Verified Multisig Controller

Live proposal calldata reviewed (here). Thanks for submitting the proposal and using the draft, Nick.