Only hhtp needs to be supported. MIDP vendors might also choose to implement https, but I doubt it. You will probably have to provide your own encryption. I don't know of any encryption packages that run on J2ME yet (I do know plenty of open source sites which would love to get help porting :-)
Alternatively, if you just support a hash function, you can prove your identity using a nonce. Basically, the server sends a random message, the client hashes the message using the message, username, and password. Of course, this still vulnerable to some types of attacks, and data sent over the wire won't be encrypted either.
--Mark
hershey@vaultus.com