With WTLS, who decides whether server authentication is performed or not?
• It is up to the gateway to indicate whether authentication is needed or not. The following describes the approximate procedure: First, the device sends a message to the WAP protocol gateway indicating that security should be negotiated. The message contains a list of the algorithms that the device supports. The WAP protocol gateway selects the algorithms it wants to use for the secure connection and may optionally return its certificate so that the device can check the identity of the WAP protocol gateway. The user is then notified that security has been accepted by the WAP protocol gateway. If the device was unable to check the received gateway certificate, or if the certificate was invalid, the user will also be shown the information contained in the gateway certificate. Note that there is no user interaction concerning the selection of certificates; there are no user/client certificates in the device, and the selection of the proper CA certificate used to check gateway certificate
