That happened to me, but fortunately it didn't end up being a huge deal.

I had forgotten to renew my domain from Gandi, it expired, and I stopped getting emails. I also could not find my password for Gandi, and I couldn't get the password reset to work, so I panicked, but fortunately Gandi will let you renew someone else's domain. Not a transfer, just if account A wants to pay to renew account B's domain without any change of ownership, they allowed that, so I made a quick throwaway account, and renewed everything for eight years.

I mean, sure, but I and probably 99% of other folks have a credit card set up to autorenew. This is a security problem, but not a very serious one.

Credit cards have expiry dates, or at least they do over here. I expect my partners domain to expire 10 years after my death, as I can only pay 10 years in advance. To many people, there are more important things to worry about (and often second thoughts after the fact).

Why hasn’t anyone made a TLD with infinite expiration?

The price should just be the present value of the annual fee cash flows.

Hate to say, but might actually be a legitimate use case for blockchain here. Identity provider which is responsible for being a source of truth on aliveness tied to a smart contract for paying annual registrar fees.

Though the traditional way would just be finding a registrar which can direct debit (e.g. CSC Global or MarkMonitor) or setting up a trust account for someone to manage it for you. Or just power of attorney plus escrowed account.

Apart from cryptocurrencies, I don't think that there are any legitimate use-cases for blockchain.

Then the question is whether we want cryptocurrencies or not (I don't).

I don’t get it, example?

A promise of money in the future is worth less than getting this money now. Present value (PV) here would be - how much you would pay now to get $X after T time.

Turns out that sum of PV($X in 1 year) + PV($X in 2 years) + … converges even though the series is infinite. Look up “perpetual bonds”.

The value of $10 paid annually forever is probably $200-500 depending on [things].

Source: I work in a bank but I’m also shit at finance so take this with a large grain of salt.

But this would only converge if you assume the fees will stay fixed or at least grow more slowly than the discount rate.

I agree, although if a business decides to close a service could it get tricky? What if all other providers charge much more and the provider can't sell your domain on to them to manage? Or they sell it on to an unscrupulous provider? A yearly fee means they can't get all the cash up front and then run.

We’re talking about the cost to save a <1KiB database record. The only reason this doesn’t exist is that the entire TLD ecosystem is a rent seeking enterprise.

Taking over a domain is not particularly connected to access to PII.

You own/control the name, not the set of files on a hosting service somewhere.

If you buy someone's domain name, then they'll probably have emails going to it. So you set up a catchall address and discover what accounts are related to it, then you can use the reset password functionality to get access to the accounts. In some cases, they'll have a backup gmail account - and perhaps you can guess what it is (e.g. emails come through to Paul Davis so you guess, oh, maybe they have the paul.davis google account, and reset password on that).

But if someone else gets the name, they get your email going forward, and therefore access to a lot of your accounts.