We just received the attached technical note from Verisign regarding our planned roll-out of DNSSEC support to more top-level domains.
They observe that our assumption that
nic.tld is owned by the TLD registry only applies to new top-level domains - not to older ones established before 2000, and not to ccTLDs. As a result, this could allow an unintended party to gain control of a TLD.
We’re halting plans to roll out the new root while we consider the best way to remedy this.