[pcap-ng-format] Proposed addition of keylog blocks

Ben Higgins ben at extrahop.com
Sat May 19 03:02:31 UTC 2018


On Fri, May 18, 2018 at 11:56 AM, Ben Higgins <ben at extrahop.com> wrote:

> Hey folks,
>
> I'd like to propose the addition of two block types, one for SSL/TLS and
> one for DTLS, both of which contain key log information in the format
> described here: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/Key_Log_Format
>
> Any number of these blocks can be included in a pcapng file at any
> location and should be considered to apply to the pcapng section in which
> they occur.
>
> I propose these block numbers be reserved for the purpose:
>
> 0x000001bb - SSL/TLS Key Log
> 0x000001bc - DTLS Key Log
>
> Thoughts?
>

Per feedback on the Wireshark dev mailing list, let's instead go with a
single key log block for SSL/TLS and DTLS, value 0x000001bb.

Additionally, the keylog contents will only be applicable to subsequent
packets.


>
> Thanks,
> Ben
>
>
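
The scoping rules from this thread (a key log block belongs to the section it occurs in, and applies only to packets after it), shown as an added example that is not part of the original message or of any pcapng implementation. The thread does not define the block body, so plain NSS key log text NUL-padded to 32 bits is an assumption here; `block`, `keys_in_scope` and the sample bytes are constructed for illustration.

```python
import struct

SHB, EPB = 0x0A0D0D0A, 0x00000006   # standard pcapng block types
KEYLOG = 0x000001BB                  # value proposed in this thread

def block(btype, body):
    """Build one little-endian pcapng block: type, total length, padded body, total length."""
    body += b"\0" * (-len(body) % 4)
    total = struct.pack("<I", len(body) + 12)
    return struct.pack("<I", btype) + total + body + total

def keys_in_scope(data):
    """Return, for each packet block, the client randoms logged earlier in its section."""
    end, off, keys, per_packet = "<", 0, set(), []
    while off + 12 <= len(data):
        if data[off:off + 4] == b"\x0a\x0d\x0d\x0a":   # SHB type is byte-order neutral
            end = "<" if data[off + 8:off + 12] == b"\x4d\x3c\x2b\x1a" else ">"
            keys = set()                               # new section: no keys carried over
        btype, total = struct.unpack_from(end + "II", data, off)
        if total < 12 or total % 4 or off + total > len(data):
            raise ValueError(f"bad block length {total} at offset {off}")
        body = data[off + 8:off + total - 4]
        if btype == KEYLOG:
            # Assumption: body is NSS key log text, NUL-padded to 32 bits.
            for line in body.rstrip(b"\0").decode("ascii", "replace").splitlines():
                fields = line.split()
                if len(fields) == 3 and fields[0] == "CLIENT_RANDOM":
                    keys.add(fields[1])
        elif btype == EPB:
            per_packet.append(frozenset(keys))         # snapshot: later key logs do not apply
        off += total
    return per_packet

# Constructed sample: two sections, key log placed between two packets of the first.
CR = "ab" * 32                                         # constructed client random
KEYLINE = f"CLIENT_RANDOM {CR} {'cd' * 48}\n".encode() # constructed master secret
SHB_BODY = struct.pack("<IHHq", 0x1A2B3C4D, 1, 0, -1)
PACKET = block(EPB, struct.pack("<5I", 0, 0, 0, 0, 0)) # empty packet; interface block omitted
SAMPLE = (block(SHB, SHB_BODY) + PACKET + block(KEYLOG, KEYLINE) + PACKET
          + block(SHB, SHB_BODY) + PACKET)

if __name__ == "__main__":
    for i, k in enumerate(keys_in_scope(SAMPLE)):
        print(f"packet {i}: {len(k)} key(s) in scope")
```

The same walk can flag captures that carry key material before they are shared, since any file containing such a block includes the secrets needed to decrypt its own traffic.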