9.4 APPLYING SSL TO WIRELESS
In essence, the process of applying ciphering to a wireless browser session is the same as just described in the preceding section. In fact, the security layer between the mobile and the WAP gateway is the same process exactly. The problem is that the gateway introduces a discontinuity in the ciphering process that cannot easily be circumvented. As we noted when looking at IP protocols for mobile applications, the WTP and the WSP are not the same as their Internet counterparts TCP and HTTP.
The difference between WSP and HTTP is what causes the bigger problem. If nothing else, the contents of many HTTP messages are converted from WML to WBXML at the gateway19. This means that we cannot transparently pass data through our gateway; the WAP gateway process necessitates conversion. This implies that we have to decrypt the data at the gateway in order to carry out the conversion process. We then need to encrypt it again onto the opposing connection on the other side of the gateway. Transport-layer security only works if the higher layers require a transparent connection end-to-end (socket-to-socket). This is not the case with a WAP gateway, as shown in Figure 9.19.
For WAP 1, there is no way of getting around this encryption discontinuity at the WAP proxy. WSP and HTTP are not compatible, even though they are semantically similar and practically identical for the most part. The WAP stack and the HTTP stack are not the same for WAP 1, as Figure 9.20 clearly ...
Get Next Generation Wireless Applications: Creating Mobile Applications in a Web 2.0 and Mobile 2.0 World, 2nd Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
