Security Basics mailing list archives
Re: WAP Security
From: Alexander Klimov <alserkli () inbox ru>
Date: Wed, 19 Oct 2005 23:42:59 +0200 (IST)
On Mon, 17 Oct 2005 arieldorfman wrote:
i'm looking to put some webservers to be reached by mobile Phones. which are the best practices regards Security? could i use SSL or a similar protocol?
If, indeed, your web-server can be *directly* reached from your customer's device then you can use SSL as usual. OTOH if your customers use WAP then what really happens is that the gateway gets data from your server using SSL/TLS, decrypts it, converts it, and reencrypts it (WTLS). BTW, this gives about 46,100 results: http://www.google.com/search?q=%22wap%20security%22 On Tue, 18 Oct 2005, statefull wrote:
it's not recommendable that you use SSL by the little capacity of memory and processing of the mobile phones, i think you need to find information about ECC (elliptical curves cryptography), here you have some links to ECC solutions: www.certicom.com but you will need to see your necessities.
BTW, openssl 0.9.8 supports ECC -- Regards, ASK
Current thread:
- WAP Security arieldorfman (Oct 18)
- Re: WAP Security statefull (Oct 18)
- Re: WAP Security Alexander Klimov (Oct 21)
- Re: WAP Security xyberpix (Oct 18)
- Re: WAP Security statefull (Oct 18)