The charging GW will not authenticate the client, it only needs to be informed how the following traffics will be charged, in a trusted way. That is why we will do this work. For secure reasons, we intend to use TLS to secure the traffics to or from our APP. So, we need to provide such information in some way to the charging GW of ISP.
在 16-3-30 下午12:06, "Martin Thomson" <martin.thom...@gmail.com> 写入: >On 30 March 2016 at 15:04, Dacheng Zhang <dacheng....@alibaba-inc.com> >wrote: >> Dacheng:Let assume we trust the device. But the APP use a SNI to >>indicate >> the service that the APP intends to access. Because the SNI is static >>which >> may not be changed for months, it is easier for attackers who monitor >>the >> network to get the SNI and use it to gain benefit. We need a securer >> solution. As I have mentioned in my previous email, this solution will >>make >> such attacks more difficult. By the way, SNI is not designed for this >> purpose, we need to do some additional work to address this issue, >>right? > > >What is wrong with client authentication? _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
