[NCAP-Discuss] Data / CI effectiveness (was Re: why enhanced controlled interruption - not legal)

Casey Deccio casey at deccio.net
Fri Feb 25 21:57:14 UTC 2022 

Hi Danny and all,

> On Feb 25, 2022, at 1:32 PM, Danny McPherson <danny at tcb.net> wrote:
> 
> I'm saying that unless we can prove CI is effective (which I have seen no data to support)

I have been half-watching this conversation until now, but this caught my eye and is something I can speak to, as the data surrounding CI is something that I am currently studying.

I am analyzing various data sets and performing outreach to better understand the effectiveness of CI, as has been implemented since August 2014.  At this point I don't have any solid conclusions, one way or the other, but I am making some progress and hope to have some better answers in the next month or so.  That being said, here is a (very) brief preview of some of the things I am seeing.  

Please note that this is all somewhat preliminary, and there is more detail that is lacking from in this brief description but will be forthcoming.

new gTLDs - the 885 gTLDs delegated between Aug 2014 and June 2021.
suffix - a DNS suffix applied to computer system (e.g., foo.com), observed during the CI period (first 100 days of delegation).  A total of 2300 were identified using Farsight's DNSDB, from approximately 166 of the new gTLDs (again, there are some implementation details missing here, but this is a pretty good estimate).  Note that none of these 2300 suffixes *is* a new gTLD itself, but is rather a proper subdomain.

After analyzing the 2014, 2015, 2016, 2017, and 2021 DITL data (2018 through 2020 are in process), I have seen the following trends:

Year		Obs		Del		Pct1		Del/Obs	Pct
2014	1858				
2015	1806	1037	79%		743		72%
2016	1610	1808	70%		1207	67%
2017	1508	2018	66%		1248	62%
2021	1283	2300	56%		1283	56%

Obs - suffixes observed in DITL queries
Del - suffixes for which TLD is delegated
Pct1 - Percent of overall suffixes observed
Pct2 - Percent of suffixes observed for which TLD was delegated

Here is a view from the perspective of TLDs for which suffixes were observed:

Year		Del	Obs	Pct	
2015	60	46	77%
2016	138	103	75%
2017	191	139	73%
2021	200	129	65%

Obs - TLDs for which suffixes were observed in DITL queries
Del - TLDs delegated
Pct - Percent of TLDs for which suffixes were observed

Note again that Pct is clearly decreasing over the years.

Finally:

		qnames	IPs		ASNs
2015    	16.0 	16.0  	7.0
2016   	18.0 	18.0  	7.0
2017    	12.0 	13.0  	6.0
2021    	10.0 	16.0  	5.0

These are the 75th percentile values associated with suffixes (with delegated TLDs)  in each of the years:
qnames - number of qnames observed with that suffix (75th percentile)
IPs - number of IP addresses querying for that suffix (75th percentile)
ASNs - number of ASNs from queries for that suffix originated (75th percentile)

This one is a little trickier because new suffixes are introduced each year with the delegation of their corresponding TLDs.  Nonetheless, there is an overall decrease here, even if it is not quite as dramatic.

Again, analysis is still underway, so take this for what it's worth.

Casey
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mm.icann.org/pipermail/ncap-discuss/attachments/20220225/16162041/attachment.html>

More information about the NCAP-Discuss mailing list