IETF Logo Mail Archive

Re: [DNSOP] [Ext] Alexey Melnikov's Discuss on draft-ietf-dnsop-dns-capture-format-08: (with DISCUSS and COMMENT)

Warren Kumari <warren@kumari.net> Wed, 28 November 2018 19:08 UTC

Return-Path: <warren@kumari.net>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D4237130F97 for <dnsop@ietfa.amsl.com>; Wed, 28 Nov 2018 11:08:35 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.358
X-Spam-Level:
X-Spam-Status: No, score=-3.358 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-1.459, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=kumari-net.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BbHRgzlKtZWA for <dnsop@ietfa.amsl.com>; Wed, 28 Nov 2018 11:08:33 -0800 (PST)
Received: from mail-wr1-x42b.google.com (mail-wr1-x42b.google.com [IPv6:2a00:1450:4864:20::42b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D2020128A6E for <dnsop@ietf.org>; Wed, 28 Nov 2018 11:08:32 -0800 (PST)
Received: by mail-wr1-x42b.google.com with SMTP id t3so27437787wrr.3 for <dnsop@ietf.org>; Wed, 28 Nov 2018 11:08:32 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kumari-net.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=M8pS0NtTCqdcf5VIlzQAbsc8N6AcCc+fVaD3vXB5BHk=; b=u8p7qdI3vrwPTW+o5VhA1xXhkujRVBGtHjk/dT+wZc9FnInq4j3jdSzdkABAY4W0k3 06ONAmjCByWojQSrox3tNWFeEpiBfuoXZvhKkBlZt9SuBskXjq6/0JtZ+sAlmu3jb5qp tNgUQV2Oy77020vV6qwZHaNFeYMF3QhoxNpVhD9VffikLRqYo4Ub1Jcd+QX2MFMFk/E1 u0TH0j0JASWrmOBsc6jjETs8ZW3WyM19gpgvlDzbzZMS+be3ghS6BnnoxOX2ysO8GQ1S mpjj6C42vJ0hh0iWvJbMjAJWW9EfL7WoyAaLOV0l0SDqVjay71jWk7ZMuc8V3/wc+0Nq aKZg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=M8pS0NtTCqdcf5VIlzQAbsc8N6AcCc+fVaD3vXB5BHk=; b=lhtaBZQjR8XUEA3L7qbCAXUy+qI12mcl9XStqeGWggidI2Fe6gGAkexD6YULoqbAYb a+lSMikv7ZIRfk6MW4pBDRYLYdCw6S1LKvhcGYFrieXQywW58U+6CrD3rLldiXBJlCa/ ushEV3qIRLkJ0eUd0hth3ETC0C6FFwrGAXaQvHh8+ojie1j1/EhsyOS8L8qfIqLpXTim CyRA/5l5gqHZlrNAoDqbYZqqLfD5I/bl9VrtM5vMUQCUXwbAjb4KkGDqHJNTc8EiMZow NNyWBD8EUrjuFAw0Br57bIeryAwXKk2hnPadOCTRU+vv5MXG4hNWhhbzpWK+a9s2LNs4 uznA==
X-Gm-Message-State: AA+aEWZW2nSIBnKbqcCc7TCeTzMrvyBrNtUTtgHhNhKRxXRDOveaHuZg 6G/3+9/6HpuQcflom389qg4Xp+oEkWN43CMeOnaT6g==
X-Google-Smtp-Source: AFSGD/Wbi3lQUust1nVChJ7T1NTNea9VKHOWT7PP7F2ttc97lg97CnhQG3V6xXT0IBaQyjhzCthrKsaZYOfH9lZC+D0=
X-Received: by 2002:adf:f0c5:: with SMTP id x5mr6626151wro.77.1543432110926; Wed, 28 Nov 2018 11:08:30 -0800 (PST)
MIME-Version: 1.0
References: <154265985064.16386.5550594646862412061.idtracker@ietfa.amsl.com> <BF3169F5-E68D-4C68-80D7-1772E7A9EDEA@sinodun.com> <1542811322.1310112.1584530512.0785569A@webmail.messagingengine.com> <4D2E72B7-1EEE-4BD2-8200-B688074AE5E3@sinodun.com> <CAHw9_iLuNYHHnMz_jgOA2JwTDNWUkRb9TVkT8zwKedNT9LUBmQ@mail.gmail.com> <ca821f6f-26de-f2f8-7e63-d9cb8dcfdf60@rfc-editor.org> <CAHw9_i+6MRiGOeDh5+5tVwajFhCCbgRgSnio04yqUGLbHKyHEw@mail.gmail.com> <CAHw9_iLxsEw4PQ4=Vu1ghhGGEPvS8pBuB9G7buiFMDjNB=m1cg@mail.gmail.com> <FA6BBBB2-D535-4597-8923-5307390D9462@icann.org> <CAHw9_iKEsfjpC2FzjKaaUz=oR_S9WNPNg+EuvBmi_n_CUpC8mQ@mail.gmail.com> <7E59D98E-7350-43FB-BE47-4E2691D5872F@icann.org> <1543316753.3027969.1590279856.6CEC8EC7@webmail.messagingengine.com> <88A3AB64-7E17-4EB8-A6FC-1D425F3F7AFF@icann.org> <71BDC7C1-ECF0-40F8-9225-F801A61AD864@sinodun.com> <1543416320.998512.1591850400.59F3419D@webmail.messagingengine.com> <e9f7c05e-8614-d5ad-7dbd-52f70ba43d26@sinodun.com>
In-Reply-To: <e9f7c05e-8614-d5ad-7dbd-52f70ba43d26@sinodun.com>
From: Warren Kumari <warren@kumari.net>
Date: Wed, 28 Nov 2018 14:07:53 -0500
Message-ID: <CAHw9_iLmD3RoXshcLjQQ-Hho9+U9__cRQHh3b54JXuQuLEmwRQ@mail.gmail.com>
To: jim@sinodun.com
Cc: Alexey Melnikov <aamelnikov@fastmail.fm>, Sara Dickinson <sara@sinodun.com>, Paul Hoffman <paul.hoffman@icann.org>, dnsop <dnsop@ietf.org>, The IESG <iesg@ietf.org>, draft-ietf-dnsop-dns-capture-format@ietf.org
Content-Type: multipart/alternative; boundary="000000000000b50ca1057bbe4a7c"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/iFOQB8BRgt-9H_4pVpmVrv8D4Po>
Subject: Re: [DNSOP] [Ext] Alexey Melnikov's Discuss on draft-ietf-dnsop-dns-capture-format-08: (with DISCUSS and COMMENT)
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 28 Nov 2018 19:08:36 -0000

On Wed, Nov 28, 2018 at 9:53 AM Jim Hague <jim@sinodun.com> wrote:

> On 28/11/2018 14:45, Alexey Melnikov wrote:
> > On Wed, Nov 28, 2018, at 1:38 PM, Sara Dickinson wrote:
>
> >> Paul is correct in that the _intention_ of including these fields is
> >> just to provide informational meta data about the capturing process. I
> >> would suggest we change the first sentence of the section to be:
> >>
> >> “Parameters providing information to how data in the file was
> >> collected (applicable for some, but not all collection environments).
> >> The values are informational only and serve as hints to downstream
> >> analysers as to the configuration of a collecting implementation. They
> >> can provide context when interpreting what data is present/absent from
> >> the capture but cannot necessarily be validated against the data
> >> captured.”
> > I can live with that, but I would like you to in particular add a note
> > that pcap filter value should not be trusted, as it effectively can
> > contain arbitrary text string.
>
> OK, thanks. We will do that.
>

Excellent! Please let me know (LOUDLY) once you've had a chance to do so
(and the other comments too).


> >> Given that, I’m hoping the short reference is
> >> acceptable http://www.tcpdump.org/manpages/pcap-filter.7.html?
> > Yes.
>
>
WFM!
W



> Thanks.
> --
> Jim Hague - jim@sinodun.com          Never trust a computer you can't
> lift.
>
>

-- 
I don't think the execution is relevant when it was obviously a bad idea in
the first place.
This is like putting rabid weasels in your pants, and later expressing
regret at having chosen those particular rabid weasels and that pair of
pants.
   ---maf

v2.23.0 | Report a Bug | By Email