Hello,
I'm developing a J2ME app which securely connects to a server to log in. I'm having a lot of difficulty in setting up the SSL between the two, so I thought of a simpler solution and I'm hoping you can give your views on it.
The J2ME MIDlet is shipped WITH the server's public key. On connect, a message (username, password hash and random) is encrypted using that public key and sent to the server. The server then decrypts it and uses it to authenticate the client.
The main idea of the certificate authority is to say who is who. If the two parties know that already and agree that it won't change (unless through an already authenticated connection), then don't I bypass the need for one?
Thanks, Vladimir
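
The exchange described in the post, written out as an added example that is not part of the original post: the client encrypts username, password hash and a fresh random to the shipped public key, and the server decrypts and checks them. It assumes Java SE's `javax.crypto` (not a J2ME API), RSA-OAEP, a SHA-256 password hash, and that the random exists so the server can refuse a replayed message; all class, method and account names are hypothetical.

```java
import javax.crypto.Cipher;
import java.io.*;
import java.security.*;
import java.util.*;

public class PinnedKeyLogin {
    static final String RSA = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";
    // Server-side record of randoms already used (assumption: the random is an anti-replay nonce).
    static final Set<String> seenNonces = new HashSet<>();

    // Client: pack username, 32-byte password hash and a fresh random, encrypt to the shipped key.
    static byte[] clientMessage(PublicKey pinned, String user, byte[] pwHash) throws Exception {
        byte[] nonce = new byte[16];
        new SecureRandom().nextBytes(nonce);
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        DataOutputStream out = new DataOutputStream(buf);
        out.writeUTF(user);
        out.write(pwHash);
        out.write(nonce);
        Cipher c = Cipher.getInstance(RSA);
        c.init(Cipher.ENCRYPT_MODE, pinned);
        return c.doFinal(buf.toByteArray());
    }

    // Server: decrypt, compare the hash in constant time, reject a random it has already seen.
    static boolean serverAccepts(PrivateKey key, byte[] msg, String user, byte[] storedHash) throws Exception {
        Cipher c = Cipher.getInstance(RSA);
        c.init(Cipher.DECRYPT_MODE, key);
        DataInputStream in = new DataInputStream(new ByteArrayInputStream(c.doFinal(msg)));
        String u = in.readUTF();
        byte[] h = new byte[32];
        in.readFully(h);
        byte[] nonce = new byte[16];
        in.readFully(nonce);
        boolean fresh = seenNonces.add(Base64.getEncoder().encodeToString(nonce));
        return fresh && u.equals(user) && MessageDigest.isEqual(h, storedHash);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator g = KeyPairGenerator.getInstance("RSA");
        g.initialize(2048);
        KeyPair server = g.generateKeyPair(); // public half stands in for the key shipped in the MIDlet
        byte[] pwHash = MessageDigest.getInstance("SHA-256").digest("constructed-password".getBytes("UTF-8"));
        byte[] msg = clientMessage(server.getPublic(), "vladimir", pwHash);
        System.out.println("first delivery accepted: " + serverAccepts(server.getPrivate(), msg, "vladimir", pwHash));
        System.out.println("replayed copy accepted:  " + serverAccepts(server.getPrivate(), msg, "vladimir", pwHash));
    }
}
```

The message only authenticates the client to the server; nothing in this exchange lets the client confirm that the reply it receives came from the holder of the private key.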