Like others I am guessing that you are referring to section 4.2.2 step 2.
Since the domain doesn't exist the administrator can't have
been expected to create a policy for it so error seems like the right answer
That presumes the goal of protecting an entire sub-tree.
Absent that goal, the goal is to cover domains that have ADSP records. Very
different scope of effort.
Otherwise to create policies for all of my domains I would have to create
policies not just for all existing sub-domains of that domain (which I
personally would support) but all conceivable sub-domains of a domain (which
I don't think I would).
Again, creating records for every conceivable name -- and no, I can't imagine
any reasonable administrator attempting that -- is only an issue if there is a
belief that ADSP can 'protect' all names in a sub-tree.
NOTE WELL: This list operates according to