Coordinating Attack Response at Internet Scale (CARIS) Workshop Report
RFC 8073

Document Type RFC - Informational (March 2017; No errata)
Last updated 2017-03-29
Replaces draft-moriarty-carisreport
Stream IAB
Formats plain text pdf html bibtex
Stream IAB state Published RFC
Consensus Boilerplate Yes
RFC Editor Note (None)
Internet Architecture Board (IAB)                            K. Moriarty
Request for Comments: 8073                                       M. Ford
Category: Informational                                       March 2017
ISSN: 2070-1721

 Coordinating Attack Response at Internet Scale (CARIS) Workshop Report

Abstract

   This report documents the discussions and conclusions from the
   Coordinating Attack Response at Internet Scale (CARIS) workshop that
   took place in Berlin, Germany on 18 June 2015.  The purpose of this
   workshop was to improve mutual awareness, understanding, and
   coordination among the diverse participating organizations and their
   representatives.

   Note that this document is a report on the proceedings of the
   workshop.  The views and positions documented in this report are
   those of the workshop participants and do not necessarily reflect IAB
   views and positions.

Status of This Memo

   This document is not an Internet Standards Track specification; it is
   published for informational purposes.

   This document is a product of the Internet Architecture Board (IAB)
   and represents information that the IAB has deemed valuable to
   provide for permanent record.  It represents the consensus of the
   Internet Architecture Board (IAB).  Documents approved for
   publication by the IAB are not a candidate for any level of Internet
   Standard; see Section 2 of RFC 7841.

   Information about the current status of this document, any errata,
   and how to provide feedback on it may be obtained at
   http://www.rfc-editor.org/info/rfc8073.

Moriarty & Ford               Informational                     [Page 1]
RFC 8073                          CARIS                       March 2017

Copyright Notice

   Copyright (c) 2017 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   3
   2.  Sessions and Panel Groups . . . . . . . . . . . . . . . . . .   4
     2.1.  Coordination between CSIRTs and Attack Response
           Mitigation Efforts  . . . . . . . . . . . . . . . . . . .   5
     2.2.  Scaling Response to DDoS and Botnets Effectively and
           Safely  . . . . . . . . . . . . . . . . . . . . . . . . .   8
     2.3.  DNS and RIRs: Attack Response and Mitigation  . . . . . .   9
     2.4.  Trust Privacy and Data Markings Panel . . . . . . . . . .  10
   3.  Workshop Themes . . . . . . . . . . . . . . . . . . . . . . .  11
   4.  Next Steps  . . . . . . . . . . . . . . . . . . . . . . . . .  12
     4.1.  RIR and DNS Provider Resources  . . . . . . . . . . . . .  12
     4.2.  Education and Guidance  . . . . . . . . . . . . . . . . .  12
     4.3.  Transport Options . . . . . . . . . . . . . . . . . . . .  12
     4.4.  Updated Template for Information Exchange Groups  . . . .  13
   5.  Security Considerations . . . . . . . . . . . . . . . . . . .  13
   6.  Informative References  . . . . . . . . . . . . . . . . . . .  13
   Appendix A. Workshop Attendees  . . . . . . . . . . . . . . . . .  15
   IAB Members at the Time of Approval . . . . . . . . . . . . . . .  15
   Acknowledgements  . . . . . . . . . . . . . . . . . . . . . . . .  16
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .  16

Moriarty & Ford               Informational                     [Page 2]
RFC 8073                          CARIS                       March 2017

1.  Introduction

   The Internet Architecture Board (IAB) holds occasional workshops
   designed to consider long-term issues and strategies for the
   Internet, and to suggest future directions for the Internet
   architecture.  This long-term planning function of the IAB is
   complementary to the ongoing engineering efforts performed by working
   groups of the Internet Engineering Task Force (IETF), under the
   leadership of the Internet Engineering Steering Group (IESG) and area
   directorates.

   The Internet Architecture Board (IAB) and the Internet Society (ISOC)
   hosted a day-long Coordinating Attack Response at Internet Scale
   (CARIS) workshop on 18 June 2015 in coordination with the Forum for
   Incident Response and Security Teams (FIRST) Conference in Berlin.
   The workshop included members of the FIRST community, attack response
   working group representatives, network and security operators,
   Regional Internet Registry (RIR) representatives, researchers,
Show full document text