Re: WAP Security

[Alexander Klimov <alserkli () inbox ru>]

On Mon, 17 Oct 2005 arieldorfman wrote:
> i'm looking to put some webservers to be reached by mobile Phones.
> which are the best practices regards Security? could i use SSL or a
> similar protocol?

If, indeed, your web-server can be *directly* reached from your
customer's device then you can use SSL as usual.  OTOH if your
customers use WAP then what really happens is that the gateway gets
data from your server using SSL/TLS, decrypts it, converts it, and
reencrypts it (WTLS).

BTW, this gives about 46,100 results:
       http://www.google.com/search?q=%22wap%20security%22

On Tue, 18 Oct 2005, statefull wrote:
> it's not recommendable that you use SSL by the little capacity of
> memory and processing of the mobile phones, i think you need to find
> information about ECC (elliptical curves cryptography), here you
> have some links to ECC solutions: www.certicom.com but you will need
> to see your necessities.

BTW, openssl 0.9.8 supports ECC

-- 
Regards,
ASK