Coordinating Attack Response at Internet Scale 2 (CARIS2) Workshop Report
draft-moriarty-caris2-01

Document Type Active Internet-Draft (individual)
Last updated 2019-05-31
Stream (None)
Intended RFC status (None)
Formats plain text xml pdf html bibtex
Stream Stream state (No stream defined)
Consensus Boilerplate Unknown
RFC Editor Note (None)
IESG IESG state I-D Exists
Telechat date
Responsible AD (None)
Send notices to (None)
Internet Engineering Task Force                              K. Moriarty
Internet-Draft                                                   DellEMC
Intended status: Informational                               31 May 2019
Expires: 2 December 2019

   Coordinating Attack Response at Internet Scale 2 (CARIS2) Workshop
                                 Report
                        draft-moriarty-caris2-01

Abstract

   The *Coordinating Attack Response at Internet Scale (CARIS) 2*
   workshop workshop [CARISEvent], sponsored by the Internet Society,
   took place 28 February and 1 March 2019 in Cambridge, Massachusetts,
   USA.  Participants spanned regional, national, international, and
   enterprise CSIRTs, operators, service providers, network and security
   operators, transport operators and researchers, incident response
   researchers, vendors, and participants from standards communities.
   This workshop continued the work started at the first CARIS workshop,
   with a focus for CARIS 2 on scaling incident prevention and detection
   as the Internet industry moves to stronger and a more ubiquitous
   deployment of session encryption.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on 2 December 2019.

Copyright Notice

   Copyright (c) 2019 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents (https://trustee.ietf.org/

Moriarty                 Expires 2 December 2019                [Page 1]
Internet-Draft                CARIS2 Report                     May 2019

   license-info) in effect on the date of publication of this document.
   Please review these documents carefully, as they describe your rights
   and restrictions with respect to this document.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   3
   2.  Conventions . . . . . . . . . . . . . . . . . . . . . . . . .   3
   3.  Accepted Papers . . . . . . . . . . . . . . . . . . . . . . .   3
   4.  CARIS2 Goals  . . . . . . . . . . . . . . . . . . . . . . . .   4
   5.  Workshop Collaboration  . . . . . . . . . . . . . . . . . . .   5
     5.1.  Breakout 1 Results: Standardization and Adoption  . . . .   5
     5.2.  Breakout 2 Results:Preventative Protocols and Scaling
           Defense . . . . . . . . . . . . . . . . . . . . . . . . .   7
     5.3.  Breakout 3 Results: Incident Response Coordination  . . .   8
     5.4.  Breakout 4 Results: Monitoring and Measurement  . . . . .  10
     5.5.  Taxonomy and Gaps Session . . . . . . . . . . . . . . . .  12
   6.  Next Steps  . . . . . . . . . . . . . . . . . . . . . . . . .  13
   7.  Summary . . . . . . . . . . . . . . . . . . . . . . . . . . .  13
   8.  Security Considerations . . . . . . . . . . . . . . . . . . .  14
   9.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .  14
   10. Contributors  . . . . . . . . . . . . . . . . . . . . . . . .  14
   11. References  . . . . . . . . . . . . . . . . . . . . . . . . .  14
     11.1.  Informative References . . . . . . . . . . . . . . . . .  14
     11.2.  URL References . . . . . . . . . . . . . . . . . . . . .  14
   Appendix A.  Change Log . . . . . . . . . . . . . . . . . . . . .  15
   Appendix B.  Open Issues  . . . . . . . . . . . . . . . . . . . .  15
   Author's Address  . . . . . . . . . . . . . . . . . . . . . . . .  15

Moriarty                 Expires 2 December 2019                [Page 2]
Internet-Draft                CARIS2 Report                     May 2019

1.  Introduction

   The Coordinating Attack Response at Internet Scale (CARIS) 2
   workshop, sponsored by the Internet Society, took place 28 February ?
   1 March 2019 in Cambridge, Massachusetts, USA.  Participants spanned
   regional, national, international, and enterprise CSIRTs, operators,
   service providers, network and security operators, transport
   operators and researchers, incident response researchers, vendors,
   and participants from standards communities.  This workshop continued
   the work started at the first CARIS workshop [RFC8073], with a focus
   for CARIS 2 on scaling incident prevention and detection as the
   Internet industry moves to stronger and a more ubiquitous deployment
   of session encryption.  Considering the related initiative to from a
Show full document text