Paul,

 

Thanks for your reply :)

 

Yes, your assumption is correct; it is a WAP 1.x based server-side application.

 

How do we go about ensuring that our clients use WTLS to connect to our application? Can we force them to have to use WTLS?

 

 

 


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brent Goldspring
Sent: 09 December 2005 00:31
To: [email protected]
Subject: OT: WTLS

Hi,

 

This is off-topic for the list, but I figured it would be worth my while posing my query here.

 

What is involved in developing WAP-based applications that use WTLS? 

 

I presume that you're talking about WAP 1.x here and not WAP 2.0, as WAP 2.0 is SSL/TLS through an HTTP proxy from a security perspective.

 

I also presume you're talking about server-side applications rather than client-side?

 

On the server, your applications should be unaware that WTLS is used as it is below the WTP layer. However, the WAP gateway may have a policy to enforce SSL/TLS towards the web server if WTLS is used.

 

Is it simply a matter of throwing an SSL certificate on our web server and going from there?  

 

No. WTLS is between the WAP client and the WAP gateway. The security policy between the HTTP client in the WAP gateway and your web server is a separate issue.

 

Do we have to deploy our own WAP gateway and have our clients reconfigure their devices when they wish to use our application?  

 

No. Usually the carrier will support WTLS.

 

Do we require the cooperation of our clients’ mobile-carrier WAP gateways? 

 

Only if you get into PKI trust issues. Best case is that the carrier's certificate is issued by one of the trusted roots in the device. If not, then you'll need to talk to the carrier (or suffer the customer care issues of subscribers being prompted as to whether they trust a certificate or not).

 

Do we have to buy another certificate for WTLS? 

 

Only if you're running your own WAP gateway. Even then it depends on whether it's an open or closed user group, from a security policy perspective.

 

Regards,

Brent
