Re: Getting a server to trust the client. (iOS)
Re: Getting a server to trust the client. (iOS)
- Subject: Re: Getting a server to trust the client. (iOS)
- From: Sixten Otto <email@hidden>
- Date: Mon, 22 Jun 2015 09:22:08 -0700
Using client-side certificates in TLS is pretty standard stuff, and should
be well-supported by the system. You might start here:
https://developer.apple.com/library/ios/documentation/Cocoa/Conceptual/URLLoadingSystem/Articles/AuthenticationChallenges.html
The biggest issue with something like this, or any scheme where you're
trusting the client based on information that was packaged in the app, is
that the app necessarily contains the information some bad actor would need
to have to build a malicious client that you probably don't want to trust.
(Same with things like encryption keys, API keys, shared passwords, and so
on.) On the other hand, maybe that isn't the kind of risk you're trying to
mitigate.
Can you say anything more about what kind of app/service this is, and what
sorts of threats you're trying to protect against?
Do you have any way of knowing who the valid users should be ahead of time,
or communicating with them outside of the app?
Sixten
On Mon, Jun 22, 2015 at 6:43 AM, Alex Zavatone <email@hidden> wrote:
> We're all familiar with using a SSL cert to get a client to trust a
> server, but we're looking at is getting a server to trust that a trusted
> client is allowed to access it.
>
> I was thinking of embedding an SSL cert within the iOS app and validating
> against that, but I'm sort of lost on a way to start.
>
> If this approach seems valid, do any of you have any ideas on any sites
> where I could start reading up on this?
>
> If this approach doesn't seem valid, do any of you have any suggestions on
> what might be a better approach?
>
> Thanks much in advance,
>
> Alex Zavatone
> _______________________________________________
>
> Cocoa-dev mailing list (email@hidden)
>
> Please do not post admin requests or moderator comments to the list.
> Contact the moderators at cocoa-dev-admins(at)lists.apple.com
>
> Help/Unsubscribe/Update your Subscription:
>
> This email sent to email@hidden
_______________________________________________
Cocoa-dev mailing list (email@hidden)
Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden