Hey folks,

Here's what I'm thinking at this point: a new block type for SSL/TLS keylogs and another block type for DTLS keylogs. The contents of each will be the format as described here: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/Key_Log_Format

Any number of these blocks can be included. For each block encountered, ssl_load_keyfile will be called, with the correct per-protocol master key map included. Some code refactoring to ssl_load_keyfile will likely be required since we're dealing with an array of bytes instead of a FILE.

One thing I'm unclear on is how to trigger a reparse of previously processed packets when a keylog block is encountered at e.g. the end of the file. Is that possible?

Thanks,
Ben

On Sat, May 5, 2018 at 2:19 AM, Guy Harris <g...@alum.mit.edu> wrote:

> On May 5, 2018, at 2:07 AM, Ahmad Fatoum <ah...@a3f.at> wrote:
>
> >> On 5 May 2018, at 10:47, Guy Harris <g...@alum.mit.edu> wrote:
> >>
> >> That doesn't require "some authority that allocates protocol identifiers", because it doesn't require protocol identifiers; all that needs to be done is to allocate pcapng block types to those protocols that require some additional information to decrypt its traffic.
> >
> > I like the idea of a "universal" key pcapng block more than requiring each interested protocol to request its own block.
>
> Each protocol's key format has to be documented, to allow arbitrary programs to use the block, so they'll have to request it *anyway*, supplying the key format as part of the request.
>
> ___________________________________________________________________________
> Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org>
> Archives: https://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
> mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
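As an added illustration of the refactoring the message mentions (reading key log text from an array of bytes instead of a FILE), and not code from this thread or from Wireshark: the C below parses a block body held in memory. The names `keylog_entry` and `keylog_parse_buffer` are hypothetical, and it assumes only the `CLIENT_RANDOM` line type of the linked NSS format (64 hex digits of client random, a space, 96 hex digits of master secret).

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical types and names for this example; not Wireshark's. */
typedef struct {
    unsigned char client_random[32];
    unsigned char master_secret[48];
} keylog_entry;

static int hexval(unsigned char c) {
    if (c >= '0' && c <= '9') return c - '0';
    c |= 0x20; /* fold to lower case */
    return (c >= 'a' && c <= 'f') ? c - 'a' + 10 : -1;
}

/* Decode exactly n bytes from 2*n hex digits; 0 on success, -1 on bad input. */
static int unhex(const unsigned char *s, unsigned char *out, size_t n) {
    for (size_t i = 0; i < n; i++) {
        int hi = hexval(s[2 * i]), lo = hexval(s[2 * i + 1]);
        if (hi < 0 || lo < 0) return -1;
        out[i] = (unsigned char)(hi << 4 | lo);
    }
    return 0;
}

/* Parse "CLIENT_RANDOM <64 hex> <96 hex>" lines from a block body that is
 * not NUL-terminated. Comments, other labels and malformed lines are
 * skipped. Returns the number of entries stored (at most max). */
size_t keylog_parse_buffer(const unsigned char *buf, size_t len,
                           keylog_entry *out, size_t max) {
    static const char label[] = "CLIENT_RANDOM ";
    const size_t llen = sizeof label - 1, need = llen + 64 + 1 + 96;
    size_t n = 0, pos = 0;
    while (pos < len && n < max) {
        const unsigned char *line = buf + pos;
        const unsigned char *nl = memchr(line, '\n', len - pos);
        size_t linelen = nl ? (size_t)(nl - line) : len - pos;
        pos += linelen + 1;                    /* step past the newline */
        if (linelen && line[linelen - 1] == '\r') linelen--;  /* CRLF */
        if (linelen != need || memcmp(line, label, llen) != 0) continue;
        if (line[llen + 64] != ' ') continue;
        if (unhex(line + llen, out[n].client_random, 32) == 0 &&
            unhex(line + llen + 65, out[n].master_secret, 48) == 0)
            n++;
    }
    return n;
}
```

Because every read is bounded by `len`, the function is safe on block bodies that lack a trailing newline or NUL, which a capture file read from an untrusted source cannot be assumed to supply.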