It doesn't seem to be clearly spelled out: is the "charging GW" a system that can read data passing between the client and server but cannot modify it? If so, do I have it right that you are trying to design an extension that allows the client to send a message that can be observed but not tampered with?

On Tue, Mar 29, 2016 at 9:12 PM, Dacheng Zhang <dacheng....@alibaba-inc.com> wrote:
> The charging GW will not authenticate the client, it only needs to be
> informed how the following traffic will be charged, in a trusted way.
> That is why we will do this work. For security reasons, we intend to use TLS
> to secure the traffic to or from our APP. So, we need to provide such
> information in some way to the charging GW of ISP.
>
> On 16-3-30, 12:06 PM, "Martin Thomson" <martin.thom...@gmail.com> wrote:
>
>> On 30 March 2016 at 15:04, Dacheng Zhang <dacheng....@alibaba-inc.com>
>> wrote:
>>> Dacheng: Let's assume we trust the device. But the APP uses an SNI to
>>> indicate the service that the APP intends to access. Because the SNI is
>>> static, which may not be changed for months, it is easier for attackers
>>> who monitor the network to get the SNI and use it to gain benefit. We
>>> need a more secure solution. As I have mentioned in my previous email,
>>> this solution will make such attacks more difficult. By the way, SNI is
>>> not designed for this purpose, we need to do some additional work to
>>> address this issue, right?
>>
>> What is wrong with client authentication?
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls