Coordinating Attack Response at Internet Scale (CARIS) Workshop Report
RFC 8073
Internet Architecture Board (IAB) K. Moriarty
Request for Comments: 8073 M. Ford
Category: Informational March 2017
ISSN: 2070-1721
Coordinating Attack Response at Internet Scale (CARIS) Workshop Report
Abstract
This report documents the discussions and conclusions from the
Coordinating Attack Response at Internet Scale (CARIS) workshop that
took place in Berlin, Germany on 18 June 2015. The purpose of this
workshop was to improve mutual awareness, understanding, and
coordination among the diverse participating organizations and their
representatives.
Note that this document is a report on the proceedings of the
workshop. The views and positions documented in this report are
those of the workshop participants and do not necessarily reflect IAB
views and positions.
Status of This Memo
This document is not an Internet Standards Track specification; it is
published for informational purposes.
This document is a product of the Internet Architecture Board (IAB)
and represents information that the IAB has deemed valuable to
provide for permanent record. It represents the consensus of the
Internet Architecture Board (IAB). Documents approved for
publication by the IAB are not a candidate for any level of Internet
Standard; see Section 2 of RFC 7841.
Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
http://www.rfc-editor.org/info/rfc8073.
Moriarty & Ford Informational [Page 1]
RFC 8073 CARIS March 2017
Copyright Notice
Copyright (c) 2017 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Sessions and Panel Groups . . . . . . . . . . . . . . . . . . 4
2.1. Coordination between CSIRTs and Attack Response
Mitigation Efforts . . . . . . . . . . . . . . . . . . . 5
2.2. Scaling Response to DDoS and Botnets Effectively and
Safely . . . . . . . . . . . . . . . . . . . . . . . . . 8
2.3. DNS and RIRs: Attack Response and Mitigation . . . . . . 9
2.4. Trust Privacy and Data Markings Panel . . . . . . . . . . 10
3. Workshop Themes . . . . . . . . . . . . . . . . . . . . . . . 11
4. Next Steps . . . . . . . . . . . . . . . . . . . . . . . . . 12
4.1. RIR and DNS Provider Resources . . . . . . . . . . . . . 12
4.2. Education and Guidance . . . . . . . . . . . . . . . . . 12
4.3. Transport Options . . . . . . . . . . . . . . . . . . . . 12
4.4. Updated Template for Information Exchange Groups . . . . 13
5. Security Considerations . . . . . . . . . . . . . . . . . . . 13
6. Informative References . . . . . . . . . . . . . . . . . . . 13
Appendix A. Workshop Attendees . . . . . . . . . . . . . . . . . 15
IAB Members at the Time of Approval . . . . . . . . . . . . . . . 15
Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . 16
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 16
Moriarty & Ford Informational [Page 2]
RFC 8073 CARIS March 2017
1. Introduction
The Internet Architecture Board (IAB) holds occasional workshops
designed to consider long-term issues and strategies for the
Internet, and to suggest future directions for the Internet
architecture. This long-term planning function of the IAB is
complementary to the ongoing engineering efforts performed by working
groups of the Internet Engineering Task Force (IETF), under the
leadership of the Internet Engineering Steering Group (IESG) and area
directorates.
The Internet Architecture Board (IAB) and the Internet Society (ISOC)
hosted a day-long Coordinating Attack Response at Internet Scale
(CARIS) workshop on 18 June 2015 in coordination with the Forum for
Incident Response and Security Teams (FIRST) Conference in Berlin.
The workshop included members of the FIRST community, attack response
working group representatives, network and security operators,
Regional Internet Registry (RIR) representatives, researchers,
Show full document text