I'm not sure the 'Molesworth Principle" should apply here. In this case, the requestor has explicitly set "matchedValuesOnly" in an attempt to limit the size of the response. If he doesn't get enough information, he can always remove the matchedValuesOnly control and try again.
If it is left up to policy, the control becomes unusable in multi-directory environments. I think it's better to pick one definition and stick with it.
Other scenarios:
Harald -- Harald Tveit Alvestrand, Maxware, Norway Harald.Alvestrand@maxware.no