Not that I recall.
> Are they looking for browser vendors to signal a
> vote of confidence here?
Yeah, basically. The report mentioned earlier spells out a number of problems identified through the study and comment. The recommendation is for new gTLDs to have a cooling off period where they go into this no-mans-land, in the hope of signalling at least some of the (unknown quantify of) affected users.
Note that there is already a cooling off period baked in, in order to allow CAs to begin revoking such certificates (as, unfortunately, CAs believed such non-assigned names could be validated to the level of assigned names). Rather than having nothing resolve, the proposal is to take advantage of this window and actively 'break' things, with ISVs helping users be alerted, and admins being able to query/analyze logs.
>
> There's other possible corner cases to consider, especially with
> built-in resolver. For example, if the local configuration uses search
> suffixes, would we try to continue discovering with those if the
> global DNS namespace returns 127.0.53.53? I think we might need
> something like so intranet name resolutions would trump global
> resolution if no results are returned.
>
I don't think we should. The report actually covers this, as its part of why the problem exists to begin with.
> Also: would we escape the URL loading sequence as early as possible if
> the special IP address is returned, or would we try to fetch content
> at the 127.0.53.53 address and only display the error page if it
> fails? This would still allow enterprises to do their own custom error
> page, and is not much different than typo-squatting services in terms
> of security risk.
>
I would think the moment we pick it up from the resolver, we begin diverting the response. I'm not sure how you imagine enterprises customizing this, since it redirects to the loopback. Users would have to be running web servers on port 80 for that to work, and that seems extremely unlikely.
For the sake of consistency, my thought is that our connect jobs would abort with a new Net error code, and all the places we are (unfortunately) doing manual DNS resolution and connection logic would similarly be updated.
But I think the TCPConnectJob / StreamSocket::Connect are the most likely places work this in.
I don't have a good answer for the UDP case (QUIC, WebRTC), other than, similarly, "fail with special error code"