Re: Embed SSL keylog file in pcap-ng

[Guy Harris <guy () alum mit edu>]

On May 5, 2018, at 1:40 AM, Ahmad Fatoum <ahmad () a3f at> wrote:

> > On 5May 2018, at 09:31, Guy Harris <guy () alum mit edu> wrote:
> >
> > "Support multiple protocols in a capture" in what sense?
>
> multiple protocols with a key block each, e.g. TLS and Tibia interleaved in the same capture file.

That doesn't require "some authority that allocates protocol identifiers", because it doesn't require protocol 
identifiers; all that needs to be done is to allocate pcapng block types to those protocols that require some 
additional information to decrypt its traffic.

> > > some authority that allocates protocol identifiers would be desirable
> >
> > If this is going to be in pcapng files, the authority would be the pcapng file format maintainers.
>
> Of course, the pcapng maintainers are the authority on the block's structure,
> but the protocol identifier would be a field inside the new "Wireshark dissector preferences" block and managed by 
> Wireshark, no?

No.

> > Once they're in pcapng blocks, unless the block is Wireshark-specific, the preferences would be managed entirely by 
> > the pcapng developers, not the Wireshark developers.
>
> The block is Wireshark-specific.

That is precisely what I *DO NOT WANT*.

I want a mechanism to allow an *arbitrary* program to use a key to decrypt traffic.
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe