Given the importance of TLDs, perhaps the right thing to do here, for
ietf, is to assume the worst-relevant-case scenario:
Presume that a malevolent entity gains control of a TLD.
Assume that through litigious or regulatory or (gasp) voluntary
mechanisms, the malevolent parties are subject to standards. They
must operate the TLD according to approved standards (which
apparently do not currently prohibit or even explicitly discourage
In other words: write RFCs with the presumption that they will have
force and with the goal that they would prevent objectionable behavior
(which in this case, from what I've seen on the list, is more
ambiguous than one might wish). And then leave the implementation of
"force" up to other entities. This is an alternative to the emerging
game of "core wars" exemplified by the recent patch to BIND.
For the case at hand, the ex-post-facto nature of the new standard is
problematic and RFCs should explain how and why that should be taken
In the best case, no force is actually necessary, and entities such as
Verisign will simply choose to comply voluntarily because so many
people have agreed that they should.
In other words: express the sin negatively as an RFC. That it is the
case, list traffic suggests, other TLD custodians have performed
similar acts without objection, complicates the issue, of course.