[Pre-RFC] DNS domains as package namespaces
Rust Internals [Unofficial]
April 27, 2026
> What happens when a domain expires and another entity gets control over it? Should the existing crates get kicked out? Should they even be able to publish new crates in that namespace? If not, how would that be verified?
This is described in both the first post and the more detailed notes posted subsequently.
In the current proposal, updates to existing crates are authorized according to crates.io ownership rules, which mean that (1) domain transfer doesn't grant crate ownership and (2) domain expiration doesn't revoke publishing permissions on crates.io.
Alternative choices are described, such as requiring verification on each upload. This would improve security at the potential cost of ecosystem churn.
The verification process is also described, at great length. Are there any points you found unclear?