RE: E-commerce using WAP (...WTLS...)

John-

It's my understanding that SSL provides secure data transfer only between
the gateway/proxy server and the content source (web server, database, etc.)
and that the connection between the user agent (wireless terminal) and the
gateway is protected via ECC (elliptical curve cryptography) and/or WTLS.
The ECC encryption would be part of the carrier's hardware system and WTLS
services would be provided by the gateway itself.

Todd Walker
Authoring Lead
iXL, Inc.

-----Original Message-----
From: Zhu John-W51056 [mailto:John.Zhu@motorola.com]
Sent: Friday, March 03, 2000 11:46 AM
To: 'Mukul Gandhi'; www-mobile@w3.org
Subject: RE: E-commerce using WAP (...WTLS...)


Hi Mukul

Where does the SSL terminate, at the WAP gateway or at the wireless terminal? I
remember that a while ago it was terminated at the WAP gateway and an "Unwired
Planet" proprietary symmetric encrypted link replaced SSL between the wireless
terminal and the WAP gateway.

Thanks!

-John

-----Original Message-----
From: Mukul Gandhi [mailto:mgandhi@bhartitelesoft.com]
Sent: Thursday, March 02, 2000 9:06 PM
To: www-mobile@w3.org
Cc: jain@cs.purdue.edu
Subject: Re: E-commerce using WAP (...WTLS...)


Hi Sandeep,
Verisign issues WAP Server Certificates to enable WTLS security between WAP
servers and client wireless devices such as digital cellular phones and
other mobile client devices. You must install the certificate from Verisign
on the WAP Server to enable it with WTLS. VeriSign supports the following
WAP servers: Motorola, Nokia, and Phone.com. The procedure to apply for a
WAP Server Certificate is very much the same as for normal SSL
Certificates. www.verisign.com has details.

regards
-mukul


At 06:34 AM 3/2/00 -0500, jain@cs.purdue.edu wrote:
>Hi all...
>
>I am developing a secure WAP application for e-commerce.
>I am facing a problem.....I don't know if any of the available
>WAP terminal simulators....have an implementation of WTLS...they need not
>in a sense as they are only simulators.
>
>My questions are:
>1. Is there any vendor (Motorola,Ericsson,Phone.com,Nokia....etc.)
>   having a secure implementation of WAP (i.e. WTLS) on the WAP
>   enabled cell-phones?
>2. Is anybody currently implementing WTLS?
>3. Are there any e-commerce applications being used currently
>   anywhere?
>
>I don't see how one can develop e-commerce applications using WAP
>without making sure that the data on the wireless channel being
>"overheard". We can have hardware encryption...but that is vendor 
>and bearer technology specific.
>
>Thanks
> 
>
>----------------------------------------------------------------------------
>Sandeep Jain                    Office: MTH 405
>Graduate Student                Phone : 765-494-5006
>Computer Science Department     URL: http://www.cs.purdue.edu/homes/jain/
>Purdue University
>West Lafayette, IN 47907-1398.                   


--------------------------------------------------------------
Bharti Cellular Limited, New Delhi, India

Received on Friday, 3 March 2000 14:15:20 UTC