On May 5, 2018, at 1:40 AM, Ahmad Fatoum <ahmad@xxxxxx> wrote:
>> On 5 May 2018, at 09:31, Guy Harris <guy@xxxxxxxxxxxx> wrote:
>>
>> "Support multiple protocols in a capture" in what sense?
>
> multiple protocols with a key block each, e.g. TLS and Tibia interleaved in the same capture file.
That doesn't require "some authority that allocates protocol identifiers", because it doesn't require protocol identifiers; all that needs to be done is to allocate pcapng block types to those protocols that require some additional information to decrypt their traffic.
>>> some authority that allocates protocol identifiers would be desirable
>>
>> If this is going to be in pcapng files, the authority would be the pcapng file format maintainers.
>
> Of course, the pcapng maintainers are the authority on the block's structure,
> but the protocol identifier would be a field inside the new "Wireshark dissector preferences" block and managed by Wireshark, no?
No.
>> Once they're in pcapng blocks, unless the block is Wireshark-specific, the preferences would be managed entirely by the pcapng developers, not the Wireshark developers.
>
> The block is Wireshark-specific.
That is precisely what I *DO NOT WANT*.
I want a mechanism to allow an *arbitrary* program to use a key to decrypt traffic.