Coordinating Attack Response at Internet Scale 2 (CARIS2) Workshop Report
RFC 8953
| Field | Value |
|---|---|
| Type | RFC - Informational (December 2020; No errata). Was draft-moriarty-caris2 (individual) |
| Author | Kathleen Moriarty |
| Last updated | 2020-12-16 |
| Stream | ISE |
| Formats | plain text, html, xml, pdf, htmlized, bibtex |
| IETF conflict review | conflict-review-moriarty-caris2 |
| ISE state | Published RFC |
| Consensus Boilerplate | Unknown |
| Document shepherd | Adrian Farrel |
| Shepherd write-up | Last changed 2020-07-03 |
| IESG state | RFC 8953 (Informational) |
| Telechat date | |
| Responsible AD | (None) |
| Send notices to | Adrian Farrel <rfc-ise@rfc-editor.org> |
| IANA review state | Version Changed - Review Needed |
| IANA action state | No IANA Actions |
Independent Submission
Request for Comments: 8953
Category: Informational
ISSN: 2070-1721

K. Moriarty
Center for Internet Security
December 2020

Coordinating Attack Response at Internet Scale 2 (CARIS2) Workshop Report

Abstract

The Coordinating Attack Response at Internet Scale (CARIS) 2 workshop, sponsored by the Internet Society, took place on 28 February and 1 March 2019 in Cambridge, Massachusetts, USA. Participants spanned regional, national, international, and enterprise Computer Security Incident Response Teams (CSIRTs), operators, service providers, network and security operators, transport operators and researchers, incident response researchers, vendors, and participants from standards communities. This workshop continued the work started at the first CARIS workshop, with a focus on scaling incident prevention and detection as the Internet industry moves to a stronger and a more ubiquitous deployment of session encryption.

Status of This Memo

This document is not an Internet Standards Track specification; it is published for informational purposes.

This is a contribution to the RFC Series, independently of any other RFC stream. The RFC Editor has chosen to publish this document at its discretion and makes no statement about its value for implementation or deployment. Documents approved for publication by the RFC Editor are not candidates for any level of Internet Standard; see Section 2 of RFC 7841.

Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at https://www.rfc-editor.org/info/rfc8953.

Copyright Notice

Copyright (c) 2020 IETF Trust and the persons identified as the document authors. All rights reserved.

This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document.

Table of Contents

1. Introduction
2. Accepted Papers
3. CARIS2 Goals
4. Workshop Collaboration
   4.1. Breakout 1 Results: Standardization and Adoption
      4.1.1. Wide Adoption
      4.1.2. Limited Adoption
   4.2. Breakout 2 Results: Preventative Protocols and Scaling Defense
   4.3. Breakout 3 Results: Incident Response Coordination
   4.4. Breakout 4 Results: Monitoring and Measurement
      4.4.1. IP Address Reputation
      4.4.2. Server Name Authentication Reputation C (SNARC)
      4.4.3. Logging
      4.4.4. Fingerprinting
   4.5. Taxonomy and Gaps Session
5. Next Steps
6. Summary
7. Security Considerations
8. IANA Considerations
9. References
   9.1. Informative References
Acknowledgements
Author's Address

1. Introduction

The Coordinating Attack Response at Internet Scale (CARIS) 2 workshop [CARISEvent], sponsored by the Internet Society, took place on 28 February and 1 March 2019 in Cambridge, Massachusetts, USA. Participants spanned regional, national, international, and enterprise Computer Security Incident Response Teams (CSIRTs), operators, service providers, network and security operators, transport operators and researchers, incident response researchers, vendors, and participants from standards communities. This workshop continued the work started at the first CARIS workshop [RFC8073], with a focus on scaling incident prevention and detection as the Internet industry moves to a stronger and a more ubiquitous deployment of session encryption. Considering the related initiative to form a research group (Stopping Malware and Researching Threats [SMART]) in the Internet Research Task Force (IRTF), the focus on prevention included consideration of research opportunities to improve protocols and determine if there are ways to improve attack detection during the protocol design phase that could later influence protocol development in the IETF. This is one way to think about scaling response, through prevention and allowing for new methods to evolve for detection in a post-encrypted world. Although the proposed SMART Research Group has not yet progressed, the work to better scale incident response continues through the projects proposed at CARIS2 as well as in future CARIS workshops.

2. Accepted Papers

Researchers from around the world submitted position and research papers summarizing key aspects of their work to help form the shared content of the workshop. The accepted papers may be found at [CARISEvent] and include:

* Visualizing Security Automation: Takeshi Takahashi, NICT, Japan

* Automating Severity Determination: Hideaki Kanehara, NICT, Japan