> >It can be quite reasonable to make wildcard assertions about RRs that > >are all within the same administrative domain, but arguably this > >condition is not met for the COM or NET zones. > > Agreed - but again, unless it breaks the protocol or has an adverse impact > on robustness, (and not just some number of bottom lines) its probably > better to resolve the policy issue before putting fingers on the protocol. As convenient as it might be to find an excuse to keep IETF out of this I don't think we can meaningfully separate discussions about the DNS protocol from discussions about DNS semantics. That, and we've put up with too much abuse from VeriSign for too long.