Did it occur to Verisign that perhaps this needed
some external policy and technical review before
you just went ahead and did this?
Have you formally or informally asked ICANN, the US DOC,
etc. for policy approval? If so, where and when?
Did you consider that nonexistent domains returning
an error was a feature in use by a wide number of security
authentication mechanisms in email and other applications?
Did you consider that major network operators might
want to know about things like this beforehand?
Have you notified any major network operators prior
to this email to NANOG?
Were the root servers apprised of this prior to it
being implimented? [Paul et al, any comments on this one?]
It is nice that Verisign at least documented what you
are doing and why, however, the documentation is not
ipso facto reasonable procedure and community approval.
WiFrom what I can see here and today, you don't have
community approval and don't appear to have followed
anything vaguely like reasonable procedure in getting here.
.com and .net are not your private playthings,
and to be frank Verisign's position in control
of the zones is dependent on it not being the
sort of company to pull stunts of this nature
without appropriate warning and discussion.
-george william herbert