Cambodia (.kh): allow direct second-level registrations #2740

Open
pichponleurpen wants to merge 2 commits into publicsuffix:main from pichponleurpen:pichponleurpen-patch-1

@pichponleurpen

Removes the wildcard rule for .kh and explicitly lists Cambodia public suffixes
in accordance with the official registry policy published at:
https://www.trc.gov.kh/laws-regulations/subDecree/Sub-Decree%20on%20the%20Management%20and%20Use%20of%20National%20Domain%20Names%20on%20the%20Internet%20Royal%20Government.pdf
https://domain.gov.kh/required-documents
https://domain.gov.kh/static/media/Guideline-DNS.8f09c480e5a6fe54936b.pdf

Public Suffix List (PSL) Submission

Checklist of required steps

  • Description of Organization

  • Robust Reason for PSL Inclusion

  • DNS verification via dig

  • Each domain listed in the PRIVATE section has and shall maintain at least two years remaining on registration, and we shall keep the _psl TXT record in place in the respective zone(s).

Submitter affirms the following:

  • We are listing any third-party limits that we seek to work around in our rationale such as those between IOS 14.5+ and Facebook (see Issue #1245 as a well-documented example)
  • Cloudflare
  • Let's Encrypt
  • MAKE SURE UPDATE THE FOLLOWING LIST WITH YOUR LIMITATIONS! REMOVE ENTRIES WHICH DO NOT APPLY AS WELL AS REMOVING THIS LINE!
  • This request was not submitted with the objective of working around other third-party limits.
  • The submitter acknowledges that it is their responsibility to maintain the domains within their section. This includes removing names which are no longer used, retaining the _psl DNS entry, and responding to e-mails to the supplied address. Failure to maintain entries may result in removal of individual entries or the entire section.
  • The Guidelines were carefully read and understood, and this request conforms to them.
  • The submission follows the guidelines on formatting and sorting.
  • A role-based email address has been used and this inbox is actively monitored with a response time of no more than 30 days.

Abuse Contact:

  • Abuse contact information (email or web form) is available and easily accessible.

    URL where abuse contact or abuse reporting form can be found:

    https://domain.gov.kh/about


For PRIVATE section requests that are submitting entries for domains that match their organization website's primary domain, please understand that this can have impacts that may not match the desired outcome and take a long time to rollback, if at all.

To ensure that requested changes are entirely intentional, make sure that you read the affectation and propagation expectations, that you understand them, and confirm this understanding.

PR Rollbacks have lower priority, and the volunteers are unable to control when or if browsers or other parties using the PSL will refresh or update.

(Link: about propagation/expectations)

  • Yes, I understand. I could break my organization's website cookies and cause other issues, and the rollback timing is acceptable. Proceed anyways.

Description of Organization

The Telecommunication Regulator of Cambodia (TRC) is the national authority responsible for regulation and oversight of the telecommunications and internet sector in Cambodia. TRC operates and supervises Cambodia’s country-code top-level domain (.kh) through the national registry (KHNIC), including policy, delegation, and DNS management.

The submitter represents TRC/KHNIC in a technical and policy capacity and is authorized to submit this change on behalf of the registry to reflect current operational policy.

Organization Website:

https://trc.gov.kh/
https://domain.gov.kh/

Reason for PSL Inclusion

Cambodia allows public domain registrations directly under the .kh ccTLD as well as under structured second-level domains such as .com.kh, .edu.kh, and .gov.kh, as documented in the official registry policy.

The previous wildcard rule (*.kh) caused browsers and certificate authorities to treat all second-level domains under .kh as public suffixes, preventing valid registrations such as example.kh from functioning correctly for HTTPS, cookies, and related security mechanisms.

This change aligns the Public Suffix List with actual registry policy and operational reality, enabling correct domain handling.

Number of users this request is being made to serve:

Nationwide (all current and future .kh domain registrants).

DNS Verification

The registry will publish the required DNS verification record and keep it in place
for the duration of the listing.
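
The effect described under "Reason for PSL Inclusion", as an added example that is not part of this PR or of the PSL project's code: a simplified suffix matcher (exception rules omitted) run against the old wildcard rule and against an explicit list built from the six suffixes named later in this thread. `unlisted.kh` is a constructed label used to show what happens to a second-level zone that the explicit list leaves out.

```python
# Added example: simplified Public Suffix List matching (no "!" exception rules).
OLD_RULES = {"*.kh"}  # the wildcard rule this PR removes
# Assumption: built from the suffixes named in the discussion, not the final diff.
NEW_RULES = {"kh", "com.kh", "gov.kh", "edu.kh", "org.kh", "net.kh"}


def public_suffix(domain, rules):
    """Return the public suffix of `domain`; the longest matching rule wins."""
    labels = domain.lower().rstrip(".").split(".")
    best = 1  # implicit default rule "*": the last label alone is a suffix
    for rule in rules:
        parts = rule.split(".")
        if len(parts) > len(labels):
            continue
        tail = labels[-len(parts):]
        if all(p == "*" or p == t for p, t in zip(parts, tail)):
            best = max(best, len(parts))
    return ".".join(labels[-best:])


def registrable_domain(domain, rules):
    """Public suffix plus one label, or None if `domain` is itself a suffix."""
    labels = domain.lower().rstrip(".").split(".")
    n = len(public_suffix(domain, rules).split("."))
    if len(labels) <= n:
        return None
    return ".".join(labels[-(n + 1):])


def same_site(a, b, rules):
    """True when two hosts share a registrable domain (one cookie scope)."""
    ra, rb = registrable_domain(a, rules), registrable_domain(b, rules)
    return ra is not None and ra == rb


if __name__ == "__main__":
    # Constructed sample hosts: old result, then new result.
    for host in ("example.kh", "shop.example.com.kh", "a.unlisted.kh"):
        print(host, registrable_domain(host, OLD_RULES),
              registrable_domain(host, NEW_RULES))
```

Under the wildcard, `example.kh` is itself a public suffix and has no registrable domain; under the explicit list it becomes registrable, while two hosts under an unlisted second-level zone move into one shared cookie scope.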

Removes the wildcard rule for .kh and explicitly lists Cambodia public suffixes
in accordance with official registry policy at https://domain.gov.kh.
// kh : http://www.mptc.gov.kh/dns_registration.htm
*.kh
// kh : https://domain.gov.kh/about
// Submitted by pichponleurpen@trc.gov.kh
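Review bot: dropping `*.kh` here changes the default for every second-level label under .kh, not only the ones the replacement entries name. With the wildcard, each such label is a public suffix; without it, any second-level zone that takes public registrations but is missing from the explicit entries becomes a single registrable domain, so its registrants would share one cookie scope. The explicit entries are not visible in this excerpt; please confirm they cover every second-level zone the registry delegates before the wildcard is removed.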
Contributor

Please use a non-personal e-mail address so we can still reach somebody if you change jobs.

Author

Updated the submitter email to the role-based address contact@trc.gov.kh as requested.

@simon-friedberger
Contributor

DNS records are great. In addition to that, it would be helpful if you could add a document to your site which lists all the domains which should be public suffixes. Also note that we generally go through IANA to find the right site and IANA currently lists https://www.tc.com.kh at https://www.iana.org/domains/root/db/kh.html instead of the https://trc.gov.kh/ or https://domain.gov.kh/ you provided. Could you please make sure those are aligned?

@pichponleurpen
Author

@simon-friedberger Thanks for the clarification, and before proceeding, I would like to confirm alignment on the proposed approach.

For the documentation point, we plan to publish a dedicated public page that
explicitly states that the Telecommunication Regulator of Cambodia (TRC), acting
as the registry authority for .kh, designates the following domains as public
suffixes: .kh, .com.kh, .gov.kh, .edu.kh, .org.kh, and .net.kh. This page will be on the TRC website (https://trc.gov.kh/).

For authority alignment, since IANA currently lists Telecom Cambodia (TC) as the
technical contact for .kh, would a confirmation from the IANA-listed technical contact (Mr. Chin Daro, Telecom Cambodia), posted here on the PR, be sufficient to confirm TRC/KHNIC’s role as the authoritative registry?

We want to ensure this approach aligns with PSL expectations before implementing the changes.

@simon-friedberger
Contributor

If you are the registry for Cambodia you should get IANA to change the URL to point to your website. If the registry is Telecom Cambodia and you are a registrar, this should go into the PRIVATE section and DNS entries are sufficient for validation.

@dnsguru
Member

dnsguru commented Jan 15, 2026

As Simon mentioned, your working with any (or all) of the following

1] direct the existing listed registration authority on the IANA .kh registration page to update their pages to show harmony with your requested changes
2] direct the IANA to update the website of the registration authority to those you suggest
3] A _psl..kh txt record placed directly in the .kh zone pointing to this Pull Request's URL, which we can verify from public resolvers is present via 1.1.1.1 or 8.8.8.8 should suffice as a proof of administrative control over the .kh zone. We would also like to see the other namespace(s) have these added as well.

These are the appropriate paths.

Noting that this submission comes from an account on GitHub that appears to have been freshly created specific to this request, and that your URLs and other elements within this request are all pointed at gov.kh websites, we are sensitive to there being a self-approving nature to the documents linked beneath it. We have recently seen third parties fraudulently attempt to submit gov.[country code] to the PSL after registering the gov.[country code] domain and setting it up as a subdomain registry and placing a request with us.

We are not suggesting that something illegitimate is what happened here, but we would like the record on this pull request to show to the public the evidence that there was care in this change in light of the submission coming from a newly created GitHub account. We are a bit extra careful about such submissions as a result, and ensuring that they come from an authorized source, especially where an affected string is a gov.[country code].

dnsguru added labels on Jan 15, 2026:

  • MAY DESERVE SECURITY REVIEW: This is a PR that might benefit from a re-review
  • Need to validate requestor/org nexus: Will need requestor email domain and company domain(s) to have _psl txt of PR URL in DNS
  • 🚩ICANN (IANA/ICP-3) Section: PR changes in the ICANN/IANA section typically reserved for TLDs.

@pichponleurpen
Author

@simon-friedberger @dnsguru Thank you both for the clear guidance and for outlining the appropriate paths.

We understand the concerns raised and the need for strong, publicly verifiable evidence of registry authority, especially given the impact of changes at the ccTLD level.

From the Telecommunication Regulator of Cambodia (TRC) side, we are coordinating internally and with the relevant parties to address the points raised, including alignment with the IANA .kh record and the appropriate form of public documentation and verification. We will proceed in line with the approaches you described and follow up on this PR once the necessary steps are completed.

Thank you for the review.
