How should the scope be declared to cover a domain and all its subdomains? The latest draft restricts the scope to the publishing domain name or IP address only, but for our university I would like to explicitly declare a domain with its subdomains and IP space (CIDR blocks) to be under one declaration. Publishing a security.txt on each of our resources is not feasible.

Maybe a separate Scope: field?