Media type registration for pcapng

[johnthacker]

It would be good to register pcapng as a media type with the IANA: https://www.iana.org/assignments/media-types/media-types.xhtml

pcap is registered as application/vnd.tcpdump.pcap and has a Media Type registry section under IANA Considerations.

[guyharris]

pcap is registered as application/vnd.tcpdump.pcap and has a Media Type registry section under IANA Considerations.

...and, as I remember, the application for pcap (which I did not write) was praised for how complete and comprehensive it was. Whoever writs the application for pcapng should try to emulate that; pcapng is more complicated, so the security considerations will be more complicated.

[guyharris]

(which I did not write)

Glen Turner wrote the application for a media type for pcap; I'm listed as "Author/Change controller" (with an old email address) primarily 1) as a developer and maintainer of both libpcap and Wireshark (including its code to read and write pcap files) and 2) an editorial contributor, so that I'm the closest thing to an "official owner".

[guyharris]

Here's the email thread on tcpdump-workers where the application was discussed.

[guyharris]

And, yes, I found the email notifying Glen and me that the application was accepted; one of the reviewers did indeed praise the "security considerations" section. (I don't know to whom the mail was sent other than us, so I won't quote the comment offered or give the commenter's name.)

[guyharris]

@vk5tu, just letting you know that I've mentioned your work on the pcap media-type registration here, including the praise it got for your "security considerations" section.

[vk5tu]

@guyharris I kept a little archive of that mini project: https://www.gdt.id.au/~gdt/presentations/2011-03-23-iana-mime/

[johnthacker]

It seems like the two options are:

1. Make an application to put it in the vendor tree (application/vnd.wireshark.pcapng ? A vendor of tcpdump doesn't make as much sense so long as https://github.com/the-tcpdump-group/libpcap/issues/1321 is open). Then update this draft with the information. The advantage, as before, is that registration can happen fairly quickly.
2. Apply to put it in the standards tree as part of this RFC. Presumably make a provisional application. Arguably more proper, but doesn't really take affect until this draft achieves consensus and is published, and it's been four years already.

It might be possible to register in the vendor tree right away and then have that entry be listed as a deprecated alias when putting it in the standards tree.