Google, LLC Liquid Intelligent Technologies Cisco Cisco Independent There is a trend towards documents describing protocols that are only intended to be used within "limited domains". These documents often do not clearly define how the boundary of the limited domain is implemented and enforced, or require that operators of these limited domains //perfectly// add filters at all of the boundary nodes of the domain to protect the rest of the global Internet from these protocols and vice-versa. This document discusses the concepts of "fail-open" versus "fail- closed" protocols for limited domains. It further specifies how to use layer-2 protocol identification mechanisms for designing limited domain protocols that are safer to deploy.