Wireshark-dev: Re: [Wireshark-dev] IETF standard? [was Re: pcapng options]

From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Fri, 2 Nov 2012 12:03:03 -0700
On Nov 2, 2012, at 6:47 AM, Marc Petit-Huguenin <marc@xxxxxxxxxxxxxxxxxx> wrote:

> But I think that this kind of redundancy, that can only create
> interoperability issues or security vulnerabilities, should not appear in a
> newly designed file format.

It's not exactly "newly-designed" - I have a mail message from 2005 discussing a pcap-ng draft, so it's over 7 years old (it's from February 2005).

> Is there a process existing to evolve this format?

Discussions are held on the pcap-ng-format mailing list:

	https://www.winpcap.org/mailman/listinfo/pcap-ng-format

(and that's where the discussion of opt_endofopt should probably move - it's already been discussed there).

> The spec has been written with IETF tools, but I cannot find a submission for it.

It hasn't been submitted; I presume the intent was to do so when it was considered "ready".

> I can help navigate the IETF process if there is an interest in pushing this spec as a standard.  I think that this is typically the kind of thing that can be improved by the reviews from IETF members,

Yes, but...

> and IANA is a good place for the various registries required.

...I'm less sure of that.  One of the registries is the LINKTYPE_ registry (the current version of the spec enumerates LINKTYPE_ values, but that should be replaced with "see http://www.tcpdump.org/linktypes.html"), and I'm not sure whether the IETF should own that registry or not - what would the process for getting new LINKTYPE_ values be if it were to be owned by the IETF?