On Oct 5, 2018, at 6:47 AM, Michael Richardson <mcr@xxxxxxxxxxxx> wrote:
> Guy Harris <guy@xxxxxxxxxxxx> wrote:
>> The second and third option require either the producer, or some
>> post-processor, to write a new version of the file putting the secrets
>> before the packets that require them. The producer isn't necessarily
>> responsible for doing so; one might have tcpdump, or dumpcap (or some
>> program using dumpcap, such as TShark or Wireshark) write out a capture
>> with no secrets, and then have another program (a utility, or Wireshark
>> after having read in the file and then given the secret in question)
>> write out a new file with the secrets early enough in the file ("before
>> all the packet blocks" is probably the simplest implementation).
>
> I'm in favour of this option, and providing a signal early in the file that
> the indicates if that process has occured yet.
"That process" being the process of adding all relevant secrets to the file?
For what would that indication be used?
