[pcap-ng-format] reserving blocks for decryption?

Jasper Bongertz jasper at packet-foo.com
Mon Feb 10 10:54:06 UTC 2014


Hi Anders,

I agree, having SSL decryption info stored as a comment is a
workaround, but not a smart solution. Having a decryption block is
certainly an interesting idea, especially since it would allow to
strip it if necessary, or even do some sort of password protection for
the block. I would call such a block a PROTOCOL DECRYPTION
block (or something similar), because we might have a file-level
encryption block at some point, too.

A protocol decryption block could be designed to be universal
for WLAN encryption, IPSec, OpenVPN, SSL etc. with different sub
options, as you proposed.

Question is - is this urgent or can we call another round table for
PCAPng at Sharkfest, discussing procedures for the adding of new block
types and block options?

Cheers,
Jasper

Monday, February 10, 2014, 10:02:09 AM, you wrote:

> Hi,
> On the topic of new blocks, how about "decryption blocks"? The bug
> https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9616 uses the
> comments to store SSL decryption details.
> I feel it would be better in a pcap-ng block. I'm also looking into
> IPsec ESP where it could be useful to have a decryption block. I
> haven't really thought about the format of such blocks.
> Perhaps a generic decryption block with sub options per encryption protocol?

> Regards
> Anders
