- From: <twalker@ixl.com>
- Date: Fri, 3 Mar 2000 14:14:23 -0500
- To: John.Zhu@motorola.com
- Cc: www-mobile@w3.org
John- It's my understanding that SSL provides secure data transfer only between the gateway/proxy server and the content source (web server, database, etc.) and that the connection between the user agent (wireless terminal) and the gateway is protected via ECC (elliptical curve crytpography) and/or WTLS. The ECC encryption would be part of the carrier's hardware system and WTLS services would be provided by the gateway itself. Todd Walker Authoring Lead iXL, Inc. -----Original Message----- From: Zhu John-W51056 [mailto:John.Zhu@motorola.com] Sent: Friday, March 03, 2000 11:46 AM To: 'Mukul Gandhi'; www-mobile@w3.org Subject: RE: E-commerce using WAP (...WTLS...) Hi Mukul Where the SSL terminates, at Wap gateway or at the wireless terminal? I remember a while ago, it's terminated at Wap gateway and an "unwireed planet" proprietary symmetric encrypted link replaced SSL between wireless terminal and Wap gateway. Thanks! -John -----Original Message----- From: Mukul Gandhi [mailto:mgandhi@bhartitelesoft.com] Sent: Thursday, March 02, 2000 9:06 PM To: www-mobile@w3.org Cc: jain@cs.purdue.edu Subject: Re: E-commerce using WAP (...WTLS...) Hi Sandeep , Verisign issues WAP Server Certificates to enable WTLS security between WAP servers and client wireless devices such as digital cellular phones and other mobile client devices. You must install the certificate from Verisign on the WAP Server to enable it with WTLS. VeriSign supports the following WAP servers: Motorola, Nokia, and Phone.com . The procedure to apply for WAP Server Certificate is very much the same as for normal SSL Certificates. www.verisign.com has details . regards -mukul At 06:34 AM 3/2/00 -0500, jain@cs.purdue.edu wrote: >Hi all... > >I am developing a secure WAP application for e-commerce. >I am facing a problem.....I dont know if any of the available >WAP terminal simulators....have an implementaion of WTLS...they need not >in a sense as they are only simulators. > >My questions are: >1. Is there any vendor (Motorola,Ericsson,Phone.com,Nokia....etc.) > having a secure implementation of WAP (i.e. WTLS) on the WAP > enabled cell-phones? >2. Is anybody currently implementing WTLS? >3. Are there any e-commerce application being used currently > anywhere? > >I dont see how one can develop e-commerce applications using WAP >without making sure that the data on the wireless channel being >"overheard". We can have hardware encryption...but that is vendor >and bearer technology specific. > >Thanks > > >--------------------------------------------------------------------------- - >Sandeep Jain Office: MTH 405 >Graduate Student Phone : 765-494-5006 >Computer Science Department URL: http://www.cs.purdue.edu/homes/jain/ >Purdue University >West Lafayette, IN 47907-1398. -------------------------------------------------------------- Bharti Cellular Limited, New Delhi, India
Received on Friday, 3 March 2000 14:15:20 UTC