On 16-3-30 at 12:17 PM, "Peter Bowen" <pzbo...@gmail.com> wrote:
>It doesn't seem to be clearly spelled out: is the "charging GW" a
>system that can read data passing between the client and server but
>cannot modify it? If so, do I have it right that you are trying to
>design an extension that allows the client to send a message that can
>be observed but not tampered with?

We translate that term from Chinese directly, and sorry for the confusion caused. You are right, we are trying to do this work in a standard way. There could be hundreds of millions of APPs in use. The solution should be scalable and lightweight.

Cheers

Dacheng

>
>On Tue, Mar 29, 2016 at 9:12 PM, Dacheng Zhang
><dacheng....@alibaba-inc.com> wrote:
>> The charging GW will not authenticate the client, it only needs to be
>> informed how the following traffic will be charged, in a trusted way.
>> That is why we will do this work. For security reasons, we intend to use TLS
>> to secure the traffic to or from our APP. So, we need to provide such
>> information in some way to the charging GW of the ISP.
>>
>> On 16-3-30 at 12:06 PM, "Martin Thomson" <martin.thom...@gmail.com> wrote:
>>
>>>On 30 March 2016 at 15:04, Dacheng Zhang <dacheng....@alibaba-inc.com>
>>>wrote:
>>>> Dacheng: Let's assume we trust the device. But the APP uses an SNI to indicate
>>>> the service that the APP intends to access. Because the SNI is static, which
>>>> may not be changed for months, it is easier for attackers who monitor the
>>>> network to get the SNI and use it to gain benefit. We need a securer
>>>> solution. As I have mentioned in my previous email, this solution will make
>>>> such attacks more difficult. By the way, SNI is not designed for this
>>>> purpose, we need to do some additional work to address this issue, right?
>>>
>>>
>>>What is wrong with client authentication?
>>
>>
>> _______________________________________________
>> TLS mailing list
>> TLS@ietf.org
>> https://www.ietf.org/mailman/listinfo/tls