The rationale for why IS-09 System API should NOT be covered by IS-10 authorization was that system parameters needed to be available to everyone. But this doesn't seem to be explicitly stated in IS-09, IS-10, BCP-003-02 or INFO-002. To avoid the appearance of an oversight that IS-09 doesn't mention api_auth TXT record, maybe an informative note in IS-09, along with comments in INFO-002 would make sense?
The rationale for why IS-09 System API should NOT be covered by IS-10 authorization was that system parameters needed to be available to everyone. But this doesn't seem to be explicitly stated in IS-09, IS-10, BCP-003-02 or INFO-002. To avoid the appearance of an oversight that IS-09 doesn't mention api_auth TXT record, maybe an informative note in IS-09, along with comments in INFO-002 would make sense?