On 16-3-30 at 12:17 PM, "Peter Bowen" <[email protected]> wrote:
>It doesn't seem to be clearly spelled out: is the "charging GW" a
>system that can read data passing between the client and server but
>cannot modify it? If so, do I have it right that you are trying to
>design an extension that allows the client to send a message that can
>be observed but not tampered?

We translate that term from Chinese directly, and sorry for the confusion caused. You are right, we are trying to do this work in a standard way. There could be hundreds of millions of APPs in use. The solution should be scalable and lightweight.

Cheers

Dacheng

>
>On Tue, Mar 29, 2016 at 9:12 PM, Dacheng Zhang
><[email protected]> wrote:
>> The charging GW will not authenticate the client, it only needs to be
>> informed how the following traffic will be charged, in a trusted way.
>> That is why we will do this work. For security reasons, we intend to use TLS
>> to secure the traffic to or from our APP. So, we need to provide such
>> information in some way to the charging GW of the ISP.
>>
>> On 16-3-30 at 12:06 PM, "Martin Thomson" <[email protected]> wrote:
>>
>>>On 30 March 2016 at 15:04, Dacheng Zhang <[email protected]>
>>>wrote:
>>>> Dacheng: Let's assume we trust the device. But the APP uses an SNI to indicate
>>>> the service that the APP intends to access. Because the SNI is static, which
>>>> may not be changed for months, it is easier for attackers who monitor the
>>>> network to get the SNI and use it to gain benefit. We need a more secure
>>>> solution. As I have mentioned in my previous email, this solution will make
>>>> such attacks more difficult. By the way, SNI is not designed for this
>>>> purpose, we need to do some additional work to address this issue, right?
>>>
>>>
>>>What is wrong with client authentication?
_______________________________________________
TLS mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/tls
