Google, LLC Liquid Intelligent Technologies Cisco Cisco There is a trend towards documents describing protocols that are only intended to be used within "limited domains". Unfortunately, these drafts often do not clearly define how the boundary of the limited domain is established and enforced, or require that operators of these limited domains //perfectly// implement filters to protect the rest of the Internet from these protocols. In addition, these protocols sometimes require that networks that are outside of (and unaffiliated with) the limited domain explicitly implement filters in order to protect their networks if these protocols leak outside of the limited domain. This document discusses the concepts of "fail-open" versus "fail- closed" protocols and limited domains, and provides a mechanism for designing limited domain protocols that are safer to deploy.