Wireless Transport Layer Security Explained

Wireless Transport Layer Security (WTLS) is a security protocol, part of the Wireless Application Protocol (WAP) stack. It sits between the WTP and WDP layers in the WAP communications stack.

Overview

WTLS is derived from TLS. WTLS uses similar semantics adapted for a low bandwidth mobile device. The main changes are:

WTLS has been superseded in the WAP Wireless Application Protocol 2.0 standard by the End-to-end Transport Layer Security Specification.

Security

WTLS uses cryptographic algorithms and in common with TLS allows negotiation of cryptographic suites between client and server.

Algorithms

Due to the additional power and bandwidth requirements imposed by wireless devices, only a subset of algorithms supported by TLS are viable. An incomplete list:

Security criticisms

Interoperability

As mentioned above the client and server negotiate the cryptographic suite. This happens when the session is started, briefly the client sends a list of supported algorithms and the server chooses a suite, or refuses the connection. The standard does not mandate support of any algorithm. An endpoint (either client or server) that needs to be interoperable with any other endpoint may need to implement every algorithm (including some covered by intellectual property rights).

See also