Wireshark-dev: Re: [Wireshark-dev] Embed SSL keylog file in pcap-ng
From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Sat, 5 May 2018 01:47:03 -0700
On May 5, 2018, at 1:40 AM, Ahmad Fatoum <ahmad@xxxxxx> wrote:

>> On 5May 2018, at 09:31, Guy Harris <guy@xxxxxxxxxxxx> wrote:
>> 
>> "Support multiple protocols in a capture" in what sense?
> 
> multiple protocols with a key block each, e.g. TLS and Tibia interleaved in the same capture file.

That doesn't require "some authority that allocates protocol identifiers", because it doesn't require protocol identifiers; all that needs to be done is to allocate pcapng block types to those protocols that require some additional information to decrypt its traffic.

>>> some authority that allocates protocol identifiers would be desirable
>> 
>> If this is going to be in pcapng files, the authority would be the pcapng file format maintainers.
> 
> Of course, the pcapng maintainers are the authority on the block's structure,
> but the protocol identifier would be a field inside the new "Wireshark dissector preferences" block and managed by Wireshark, no?

No.

>> Once they're in pcapng blocks, unless the block is Wireshark-specific, the preferences would be managed entirely by the pcapng developers, not the Wireshark developers.
> 
> The block is Wireshark-specific.

That is precisely what I *DO NOT WANT*.

I want a mechanism to allow an *arbitrary* program to use a key to decrypt traffic.