Coordinating Attack Response at Internet Scale 2 (CARIS2) Workshop Report
draft-moriarty-caris2-00

Document Type Active Internet-Draft (individual)
Last updated 2019-05-14
Stream (None)
Intended RFC status (None)
Formats plain text xml pdf html bibtex
Stream Stream state (No stream defined)
Consensus Boilerplate Unknown
RFC Editor Note (None)
IESG IESG state I-D Exists
Telechat date
Responsible AD (None)
Send notices to (None)
Internet Engineering Task Force                              K. Moriarty
Internet-Draft                                                   DellEMC
Intended status: Informational                              May 14, 2019
Expires: November 15, 2019

   Coordinating Attack Response at Internet Scale 2 (CARIS2) Workshop
                                 Report
                        draft-moriarty-caris2-00

Abstract

   The Coordinating Attack Response at Internet Scale (CARIS) 2 workshop
   workshop [CARISEvent], sponsored by the Internet Society, took place
   28 February and 1 March 2019 in Cambridge, Massachusetts, USA.
   Participants spanned regional, national, international, and
   enterprise CSIRTs, operators, service providers, network and security
   operators, transport operators and researchers, incident response
   researchers, vendors, and participants from standards communities.
   This workshop continued the work started at the first CARIS workshop,
   with a focus for CARIS 2 on scaling incident prevention and detection
   as the Internet industry moves to stronger and a more ubiquitous
   deployment of session encryption.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on November 15, 2019.

Copyright Notice

   Copyright (c) 2019 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents

Moriarty                Expires November 15, 2019               [Page 1]
Internet-Draft                CARIS2 Report                     May 2019

   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
   2.  Conventions . . . . . . . . . . . . . . . . . . . . . . . . .   3
   3.  Accepted Papers . . . . . . . . . . . . . . . . . . . . . . .   3
   4.  CARIS2 Goals  . . . . . . . . . . . . . . . . . . . . . . . .   4
   5.  Workshop Collaboration  . . . . . . . . . . . . . . . . . . .   4
     5.1.  Breakout 1 Results: Standardization and Adoption  . . . .   5
     5.2.  Breakout 2 Results:Preventative Protocols and Scaling
           Defense . . . . . . . . . . . . . . . . . . . . . . . . .   7
     5.3.  Breakout 3 Results: Incident Response Coordination  . . .   8
     5.4.  Breakout 4 Results: Monitoring and Measurement  . . . . .  10
     5.5.  Taxonomy and Gaps Session . . . . . . . . . . . . . . . .  11
   6.  Next Steps  . . . . . . . . . . . . . . . . . . . . . . . . .  12
   7.  Summary . . . . . . . . . . . . . . . . . . . . . . . . . . .  13
   8.  Security Considerations . . . . . . . . . . . . . . . . . . .  13
   9.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .  13
   10. Contributors  . . . . . . . . . . . . . . . . . . . . . . . .  13
   11. References  . . . . . . . . . . . . . . . . . . . . . . . . .  14
     11.1.  Informative References . . . . . . . . . . . . . . . . .  14
     11.2.  URL References . . . . . . . . . . . . . . . . . . . . .  14
   Appendix A.  Change Log . . . . . . . . . . . . . . . . . . . . .  15
   Appendix B.  Open Issues  . . . . . . . . . . . . . . . . . . . .  15
   Author's Address  . . . . . . . . . . . . . . . . . . . . . . . .  15

1.  Introduction

   The Coordinating Attack Response at Internet Scale (CARIS) 2
   workshop, sponsored by the Internet Society, took place 28 February ?
   1 March 2019 in Cambridge, Massachusetts, USA.  Participants spanned
   regional, national, international, and enterprise CSIRTs, operators,
   service providers, network and security operators, transport
   operators and researchers, incident response researchers, vendors,
   and participants from standards communities.  This workshop continued
   the work started at the first CARIS workshop RFC8073 [RFC8073], with
   a focus for CARIS 2 on scaling incident prevention and detection as
   the Internet industry moves to stronger and a more ubiquitous
Show full document text