[NCAP-Discuss] Collisions as a force for good

[Jeff Schmidt]

On 4/29/20, 2:26 PM, "Danny McPherson" <danny at tcb.net> wrote:

>  Did the ICANN data suggest that more people are online and leaking 
>  queries as a result, or was it just more volume mostly from the same 
>  people?

Total queries went up and proportional queries to .corp went up, so probably both.

> Do you have any citations for your 10% v. 90% numbers?

Personal experience.  Most large companies I've consulted with (including several F20 firms in the past month) plan for less than 5% of their overall global employee base to be connected to the VPN at any given time (often < 2%.  Small proportions).  Which makes sense; folks like us are anomalies globally; in the rest of the world most folks work from an office, factory floor, etc.  95/5, 90/10, precision doesn’t matter.  What matters is that it's a *huge* swing that happened *quick.*

>  I don't believe responsible IT administrators delay things based on 
> risk, I'd guess most simply were not aware, but I don't know for sure.

There's some of both.  As I've actively sought-out folks committing various corp.com sins over the past 5 years, several knew of the issue and understood it but chose not to take action because they viewed the cure as worse than the disease.  

> Are you suggesting controlled interruption on non-delegated TLDs that 
> have seen upticks in queries, outreach to those individuals, or 
> something else here?

I'm suggesting ICANN put some resources behind "marketing" and "education" of this issue directed toward IT admins as they did in 2015.  Calling out the change in the field of play given COVID is useful and for folks that make risk-based decisions it could tip the hat.

Jeff