Wireshark-dev: Re: [Wireshark-dev] [pcap-ng-format] Proposal for storing decryption secrets in
Peter Wu <peter@xxxxxxxxxxxxx> wrote:
> Requirements for block placement:
> - No requirement. Producers are allowed to write the block anywhere.
> Disadvantages for consumers: requires a two-pass scan to collect
> secrets before they are used.
I prefer this, but I would support having a flag in the block that
says that no other blocks exist in the file until at least X-bytes.
So, a producer (or something downstream of it), could scan for the
blocks, move them to the front, and indicate how far into the file it cover.
Naturally, if X >= file size, then the work is done.
> - Place secrets before the packet blocks that require them. Consumers
> can read and decrypt in one pass. Disadvantage: producers cannot
> always guarantee availability of secrets while writing the capture.
> - Place a single secret block before the first packet block. Consumers
> can read and decrypt in one pass. Disadvantage: requires producers to
> post-process (rewrite) the capture file to insert secrets.
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works | network architect [
] mcr@xxxxxxxxxxxx http://www.sandelman.ca/ | ruby on rails [
