It is open. You can run your own DNS server and create your own GTLDs. Might not get a valid cert, but then you can also add your own root cert to your devices and everything will work just fine.

It's the "all of the major browsers, OSes and DNS resolvers should comply" part that's the hard part