Re: [DNSOP] [Ext] Alexey Melnikov's Discuss on draft-ietf-dnsop-dns-capture-format-08: (with DISCUSS and COMMENT)

Jim Hague <jim@sinodun.com> Wed, 28 November 2018 14:53 UTC

To: Alexey Melnikov <aamelnikov@fastmail.fm>, Sara Dickinson <sara@sinodun.com>, Paul Hoffman <paul.hoffman@icann.org>
Cc: dnsop <dnsop@ietf.org>, The IESG <iesg@ietf.org>, draft-ietf-dnsop-dns-capture-format@ietf.org
From: Jim Hague <jim@sinodun.com>
Organization: Sinodun Internet Technologies Ltd.
Message-ID: <e9f7c05e-8614-d5ad-7dbd-52f70ba43d26@sinodun.com>
Date: Wed, 28 Nov 2018 14:52:25 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/0kCnRS6VCru9MQcqNxy4xC_M364>

On 28/11/2018 14:45, Alexey Melnikov wrote:
> On Wed, Nov 28, 2018, at 1:38 PM, Sara Dickinson wrote:

>> Paul is correct in that the _intention_ of including these fields is
>> just to provide informational meta data about the capturing process. I
>> would suggest we change the first sentence of the section to be:
>>
>> “Parameters providing information to how data in the file was
>> collected (applicable for some, but not all collection environments).
>> The values are informational only and serve as hints to downstream
>> analysers as to the configuration of a collecting implementation. They
>> can provide context when interpreting what data is present/absent from
>> the capture but cannot necessarily be validated against the data
>> captured.”
> I can live with that, but I would like you to in particular add a note
> that pcap filter value should not be trusted, as it effectively can
> contain arbitrary text string.

OK, thanks. We will do that.

>> Given that, I’m hoping the short reference is
>> acceptable http://www.tcpdump.org/manpages/pcap-filter.7.html? 
> Yes.

Thanks.
-- 
Jim Hague - jim@sinodun.com          Never trust a computer you can't lift.
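
The point agreed in this thread, that the pcap filter value is an arbitrary text string and only a hint, shown as an added example that is not part of the original message or of the draft authors' code: a downstream analyser renders the value for logs or reports without letting it inject control sequences or extra log lines. The dictionary key `filter`, the function names and the length bound are assumptions made for illustration.

```python
import unicodedata

MAX_FILTER_DISPLAY = 256  # assumed display bound, not taken from the draft


def render_untrusted_filter(value, max_len=MAX_FILTER_DISPLAY):
    """Return a one-line, printable rendering of a capture-filter hint.

    The value is never compiled, executed or passed to a shell; it is
    only escaped so that it can be shown to an operator safely.
    """
    if value is None:
        return "<absent>"
    if isinstance(value, bytes):
        value = value.decode("utf-8", errors="replace")
    if not isinstance(value, str):
        return "<non-text value of type %s>" % type(value).__name__
    truncated = len(value) > max_len
    out = []
    for ch in value[:max_len]:
        cat = unicodedata.category(ch)
        if ch == "\\":
            out.append("\\\\")  # keep the escaping unambiguous
        elif cat.startswith("C") or cat in ("Zl", "Zp"):
            # Control and format characters (ESC, newlines, bidi overrides)
            # and line/paragraph separators are shown as escapes.
            cp = ord(ch)
            out.append("\\x%02x" % cp if cp < 0x100 else "\\u{%x}" % cp)
        else:
            out.append(ch)
    return "".join(out) + ("...[truncated]" if truncated else "")


def describe_capture(params):
    """Build one log line from decoded collection parameters (a dict).

    'filter' is a hypothetical key name for the pcap filter field.
    """
    shown = render_untrusted_filter(params.get("filter"))
    return 'capture filter hint (unverified): "%s"' % shown.replace('"', '\\"')


if __name__ == "__main__":
    # Constructed sample values, not taken from any real capture file.
    for sample in ("udp port 53", "port 53\x1b[2J\nINFO capture verified"):
        print(describe_capture({"filter": sample}))
```
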