Viewing WML (WAP <1.2) pages on WAP 2.0 phones

[dunkyboy]

Hi, I'm trying to figure out what happens when I view a WAP 1.2-compliant WML page using a WAP 2.0 phone.

In WAP 1.2, when you send a request for a WML page, it is retrieved by the network's gateway over HTTP, and then compiled into a binary WMLC file before forwarding back to the phone over WAP (using a separate transport technology than HTTP). In WAP 2.0, this whole sordid process is bypassed and the gateway serves only as a standard web proxy - the phone sends its page request over HTTP and is passed through by the gateway straight on to the destination web server, and the response is similarly sent directly to the phone over HTTP.

What I want to know is what happens when you use a WAP 2.0-capable phone to request an old-style WML page? Does it use the WAP 1.2 system of transmission to the gateway, HTTP translation, binary compilation on the gateway, etc? Or is a WAP 2.0 phone capable of making the entire request over HTTP and interpreting the raw, uncompiled WML page itself?

The main reason I want to know is security reasons. I've been developing pages in WML that I want to secure over HTTPS, and I want to know if, when I request these WML pages using a WAP 2.0 phone, will the HTTPS connection be made straight to the web server, or will it use old-style WAP WTLS security to the gateway, whereupon the secured data is exposed to the unsecured gateway before being re-encrypted over HTTPS for the request to the server (and vice-versa on the way back).

I suspect if I want to bypass the poor security inherent in the WTLS-HTTPS translation process, I'll have to rewrite my pages in XHTML-MP. But it seems possible that modern WAP 2.0 phones might do all the requesting themselves, even in the case of WML pages. Anyone know which it is?

Many thanks,
Duncan Armstrong

[spectra1]

Good question. I am 90% sure that the old version wap pages use the modern transport protocol on wap 2.0 phones. This is because it is possible to use regular 128-bit ssl certificates on wap 2.0 phones using a wml 1.1 page and otherwise the webserver would reject the connection, because ssl garantees an end-to-end encrypted connection.

But, I couldn't find a document which proofs this behaviour.

You could test it by connecting your mobile phone using a USB cable to an internet connected PC, instead of using gprs. This eliminates the presence of a WAP gateway which uses wtls.

Then request the wml 1.1 page on your mobile over an https connection and check whether you get a normal response. If so, it uses http ssl connection, not wtls. If it says "bad gateway" then it uses wtls.

(Note that I've used this trick several times with Nokia and Sony mobiles, and PDA's, but not all phones can use a PC's internet connection using USB cable)