On 30 March 2016 at 15:04, Dacheng Zhang <dacheng....@alibaba-inc.com> wrote: > Dacheng:Let assume we trust the device. But the APP use a SNI to indicate > the service that the APP intends to access. Because the SNI is static which > may not be changed for months, it is easier for attackers who monitor the > network to get the SNI and use it to gain benefit. We need a securer > solution. As I have mentioned in my previous email, this solution will make > such attacks more difficult. By the way, SNI is not designed for this > purpose, we need to do some additional work to address this issue, right?
What is wrong with client authentication? _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
