Skip to main content
  • IETF 117 Highlights

    IETF 117 is a few weeks behind us and Dhruv Dhody, IAB Member and liaison to the IESG, took the opportunity to report on a few highlights and some impressions.

    • Dhruv DhodyIAB Member and liaison to the IESG
    21 Aug 2023
  • Proposed response to meeting venue consultations and the complex issues raised

    The IETF Administration LLC recently sought feedback from the community on the possibility of holding an IETF Meeting in the cities of Beijing, Istanbul, Kuala Lumpur and Shenzhen, with received feedback including views that were well expressed and well argued but strongly conflicting. The IETF LLC has considered this feedback in-depth and now seeks community feedback on its proposed response.

    • Jay DaleyIETF Executive Director
    21 Aug 2023
  • Submit Birds of a Feather session proposals for IETF 118

    Now's the time to submit Birds of a Feather session (BOFs) ideas for the IETF 118 meeting 4-10 November 2023, with proposals due by 8 September.

      16 Aug 2023
    • Applied Networking Research Workshop 2023 Review

      More than 250 participants gathered online and in person for ANRW 2023, the academic workshop that provides a forum for researchers, vendors, network operators, and the Internet standards community to present and discuss emerging results in applied networking research.

      • Maria ApostolakiANRW Program co-chair
      • Francis YanANRW Program co-chair
      16 Aug 2023
    • IETF 117 post-meeting survey

      IETF 117 San Francisco was held 22-28 July 2023 and the results of the post-meeting survey are now available on a web-based interactive dashboard.

      • Jay DaleyIETF Executive Director
      11 Aug 2023

    Filter by topic and date

    Filter by topic and date

    CARIS Workshop Summary and Reflection

      25 Jun 2015

      The Internet Architecture Board (IAB) and the Internet Society (ISOC) hosted day-long Coordinating Attack Response at Internet Scale (CARIS) workshop took place last Friday in coordination with the Forum for Incident Response and Security Teams (FIRST) Conference in Berlin.

      CARIS Workshop Blog image

      The workshop included members of the FIRST community, attack response working group representatives (APWG, ACDC, etc.), network & security operators, RIR representatives, researchers, vendors, and representatives from standards communities. Key goals of the workshop were to improve mutual awareness, understanding, and coordination among the diverse participating organizations. The workshop also aimed at providing greater awareness of existing efforts to mitigate specific types of attacks, and greater understanding of the options others have to collaborate and engage with these efforts.

      The day-long workshop included a mix of invited and selected speakers with opportunities to collaborate throughout, taking full advantage of the tremendous value of having these diverse communities with common goals in one room. There were approximately 50 participants engaged in the CARIS workshop from the 25 papers received and additional 20 template submissions.  The template submissions will be maintained at the Internet Society web site and as a result of the workshop will be amended to provide additional value to the computer security incident response teams (CSIRTs) and attack response communities/operators on their information exchange activities.  The CARIS participants found the template submissions to be very useful in coordinating their future attack mitigation efforts.  Nothing like this had previously been done — this is open for the global community and hosted in a neutral location.  All submissions are linked from the agenda.

      The workshop talks and panels involved full participation from attendees who were required to read all other submissions.  The panels were organized to spur conversation between specific groups to see if we could further progress towards more efficient and effective attack mitigation efforts.  See paper and blog series for additional information on possible approaches to accomplish more effective attack response and information exchanges with methods that require fewer analysts.

      Panel groups: 

      • Coordination between CSIRTS and attack response mitigation efforts
      • Distributed Denial of Service and Botnet researchers, vendors, and operators
      • Infrastructure: DNS and RIR providers and researchers
      • Trust and Privacy with the exchange of potentially sensitive information
      • IAB wrap up for architecture next steps

      There were a few items that stood out to me from the workshop (more to be included in the formal report):

      1. The participants are interested in expanded information on the resources and assistance offered by the RIRs and DNS providers.  Participants are going to define what is needed with follow through on next steps.
      2. Another reoccurring theme was the lack of knowledge by the community of basic security principles such as ingress and egress filtering explained in BCP38.  The CSIRTS, operators, and vendors of attack mitigation tools found this particularly frustrating.  As a result, follow up activities may include determining if security guidance BCPs require updates or to determine whether there are opportunities to educate on these basic principles already documented by the IETF.
      3. After the workshop, the Internet Society hosted a three and a half hour boat tour through the canals of Berlin, offering additional time for collaboration among participants.  One of the lively discussions was the need for better transports for information exchange.  As the author of Real-time Inter-network Defense (RID), I agree.  RID was written more than 10 years ago and while the patterns established still show promise, there are updated solutions being worked on.  One such solution is in the IETF DOTS working group, that has an approach similar to RID with updated formats and protocols to meet the demands of todays DDoS attacks.  While TAXII (another transport option) is just in transition to OASIS, its base is similar to RID in its use of SOAP-like messaging, which will likely prevent it from scaling to the demands of the Internet.  Vendors also cited several interoperability challenges in TAXII.  Alternatively, XMPP-Grid has been proposed in the IETF SACM working group and it offers promise as the data exchange protocol.  XMPP inherently meets the requirements for today’s information exchanges with features such as publish/subscribe, federation, and use of a control channel.  XMPP-grid is taking off too with at least 10 current vendors using open source code in their products with several more planning to add support.  Review and discussion of this draft would be helpful.  REST was also brought up as a needed interface.  IETF’s MILE has a draft detailing a common RESTful interface (ROLIE) that could be used with any data format and may be of interest.  It would be good to hear from the community if this draft is of value to assist with that gap and it would be resurrected if helpful.

      This blog just offers a taste of the workshop and a full report will be forthcoming as will follow up from the IAB on this important meeting.  As the workshop chair, I was very excited that the CARIS workshop had over 20% female participation!   In a field where the percentage is usually between 12-18%, this was impressive.

      I would like to offer a sincere thank you to each of the program committee members as well as our sponsors:

      • FIRST provided a room and excellent facilities in partnership with their annual conference in Berlin.
      • The Internet Society hosted the social event, a boat ride through the canals of Berlin.
      • EMC Corporation provided lunch, snacks and coffee throughout the day to keep us going!

      Program Committee:
      Matthew Ford, Internet Society, UK
      Ted Hardie, Google
      Joe Hildebrand, Cisco, USA
      Eliot Lear, Cisco, Switzerland
      Kathleen M. Moriarty, EMC Corporation, USA
      Andrew Sullivan, Dyn
      Brian Trammell, ETH Zurich, Switzerland

      Share this page