It can be quite reasonable to make wildcard assertions about RRs that
are all within the same administrative domain, but arguably this
condition is not met for the COM or NET zones.
Agreed - but again, unless it breaks the protocol or has an adverse impact
on robustness (and not just some number of bottom lines), it's probably
better to resolve the policy issue before putting fingers on the protocol.
As convenient as it might be to find an excuse to keep IETF out of this
I don't think we can meaningfully separate discussions about the DNS
protocol from discussions about DNS semantics.
That, and we've put up with too much abuse from VeriSign for too long.