Wow, is that a hack. Wildcards don't do what we want, so we'll use
zone cuts as faux wildcards.
I thiought this was a hack when I heard it during the meeting. But
I think that is could actually work.
The key here is to recognize that the 'zone cut' really means the
point where we get the hand off from another server. As far as the
protocol itself goes there are no wildcards, the wildcard is simply
an administrative convenience supported by the servers.
You can't get a 'wildcard' in a response unless you are doing zone
transfers, dnssec or the like.
So saying that you go up to the record at the head of the zone to
look for wildcards is not unreasonable. It is exactly the type of
compromise that you end up having to make when trying to deploy
a protocol in legacy infrastructure.
There is a middle position that could be argued. We cannot require
a third of all parties deploying to upgrade their DNS servers in order
to be able to use MARID. But it might be possible to require the
subset who use wildcards to deploy a server that is capable of
generating synthetic wildcards.
Compared to the hacks we did to keep HTTP/1.0 compatible with 0.9
this is not an outrageous one.