Wireshark mailing list archives
Re: [pcap-ng-format] Proposal for storing decryption secrets in a pcapng block
From: Michael Richardson <mcr () sandelman ca>
Date: Sun, 30 Sep 2018 19:43:04 -0400
Peter Wu <peter () lekensteyn nl> wrote: > Requirements for block placement: > - No requirement. Producers are allowed to write the block anywhere. > Disadvantages for consumers: requires a two-pass scan to collect > secrets before they are used. I prefer this, but I would support having a flag in the block that says that no other blocks exist in the file until at least X-bytes. So, a producer (or something downstream of it), could scan for the blocks, move them to the front, and indicate how far into the file it cover. Naturally, if X >= file size, then the work is done. > - Place secrets before the packet blocks that require them. Consumers > can read and decrypt in one pass. Disadvantage: producers cannot > always guarantee availability of secrets while writing the capture. > - Place a single secret block before the first packet block. Consumers > can read and decrypt in one pass. Disadvantage: requires producers to > post-process (rewrite) the capture file to insert secrets. -- ] Never tell me the odds! | ipv6 mesh networks [ ] Michael Richardson, Sandelman Software Works | network architect [ ] mcr () sandelman ca http://www.sandelman.ca/ | ruby on rails [ ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- Re: [pcap-ng-format] Proposal for storing decryption secrets in a pcapng block Michael Richardson (Oct 01)
- Re: [pcap-ng-format] Proposal for storing decryption secrets in a pcapng block Jasper Bongertz (Oct 01)