Slashdot Mirror
China Releases Own WLAN Security Standard
Lownewulf writes "This NetworkWorldFusion article describes the release of the GB15629.11-2003 wireless networking standard in China, a wireless standard similar to 802.11, but with better security. The IEEE is worried that this may lead to the need to support two different standards in wireless networking hardware." ziggyboy adds a link to CNET's article, noting that
"all wireless devices sold in China are required to comply to this standard from December 1."
While WLAN equipment sold in China is required to comply with this standard from Dec. 1, a transition period has been granted that extends the compliance deadline for some WLAN products until June 1, 2004.
This sounds terribly rushed. How long have they been working on GB15629.11-2003 for (the
These questions lead me to believe that there are two possibilities here:
- B: The Chinese
government is rushing to get beat the IEEE people to make this an
early standard which will make worldwide adoption easier. Now re-read
A and drop the "on its people". Tell me if you feel better.
That all said, you don't need to wait for these committees to finish fighting to harden your wireless LAN. At work we use IPSec over our 802.11[bg] stuff which is all VLAN'd and routed to an outside interface of our Cisco PIX.Trolling is a art,
I disagree with the assertion of the poster that the Chineese standard has better security. For starters it does not use AES (the new advanced encryption standard) and the article does not specify what (if any) encryption protocol the Chineese standard uses. What this seems to me to be is an attempt to give the Chineese government a larger voice in the implementation of new networking standards. If hardware vendors and the IEEE roll over on this one the next thing you will see out of China (and other like minded countries who will follow suit) are the emergence of protocols which make it easier to censor and control content on the web. The market pressure to comply with this standard will be huge however. Given the size and growth of the Chineese market the financial rewards for early adopters will be great not to mention the potential to establish a major vendor footprint in an emerging market.
I must say I've never heard of 802.11i before; have I missed everybody talking about it, or is it underreported? I don't pretend to be an expert in wireless technology, but I've not seen it mentioned anywhere... Then again, their status page (quickly looked up, yay Mysterious Future...) uses <blink>, was exported by MS Word, was "cleaned up" by Netscape 4, and has an incorrectly capitalised DOCTYPE, and I'm not sure if I'd trust wireless security to a group with a status page like that :-P (I know, they probably didn't make the page, but it still gives a bad impression).
...a country with one of the worst records of human rights violations now has their own:
Flavor of linux (RedFlag)
DVD standards
wireless encryption
Video compression (AVS)
Taikonauts
Access to windows source code
Web searching (Chinese Search Alliance)
CPU architecture (Dragon)
Is anybody else out there as concerned as I am about this?
Remembering that you are going to die is the best way I know to avoid the trap of thinking you have something to lose.
If it has better security why isn't it a worldwide standard?
um.. Windows is a worldwide standard. You can't equate the robustness of the product with the number of users.
Trolling is a art,
The HTML configuration pages are all in Chinese, and the devices have strict orders to not talk to foreign capitalist pigdogs, under penalty of immediate brutal termination and dismantlement.
"A door is what a dog is perpetually on the wrong side of" - Ogden Nash
"The great thing about standards, is that there are so many to choose from"
www.rexguo.com - Technologist + Designer
China is likely to become the world's largest economy in the not so distant future. The technical community there _will_ want to make their mark on important standards in IT. The real way around this for the United States and the EU is to cultivate technical excellence among their own citizens-something the current corrupt governments and corporate elites are hesitant to do.
...wouldn't Wi-Chi be better?
Tubal-Cain smokes the white owl.
This is why Black Lotus and your hordes of hackers say "I can hack into anything."
Forget accounting fraud and unethical stock manipulations... The real threat will be obvious when hundreds of men from China gather on the lawn 100 feet away from the Pentagon and pull out their laptops.
For your information, current 802.11b hardware can pose problems when you use them outside the country they're meant to be used. For example, France uses channels that are different from US channels. If you buy cards that aren't anally retentive, like Orinocos, you'll be able to find common channels (channel 10 in that case), but not always.
...
One standard, several ways of being shafted. Just like DVD zoning
"A door is what a dog is perpetually on the wrong side of" - Ogden Nash
I'm pretty sure it was chosen for the people and not by the people.
I still don't understand why people get so wrapped up on encryption at the AP level. Wired switches and routers don't encrypt data. That is reserved for firewall/vpn devices which makes sense because the overhead associated (beyond security concerns) doesn't make sense to burden your transport mechanism.
What do people want encrypted? Their credit card numbers? Encryption of sensitive information like CC#'s is (should) be handled by SSL where the data is encrypted BEFORE it leaves the pc. No wireless encryption needed. Their e-mail? If they are sending that sensitive of information, they probably shouldn't use standard e-mail in the first place. They should encrypt a document and then e-mail it or encrypt the e-mail itself.
I am still yet to find a situation where encrypted wireless signals make sense for home or even business situations. If it is a business that is in need of securing their communications, they should use VPN's anyway.
I think it makes more sense for an additional independent circuitry to be installed on AP's that does VPN's and build into wireless cards a VPN client or include VPN software. Hell, even make an externally pluggable device that attaches to an AP so that it can be upgraded as future VPN's get stronger in encryption.
Leave AP's to do what the do best--serve wireless clients.
As general-purpose chips get smaller and cooler, there is less and less need to code a particular radio standard into the chips - it becomes possible to support multiple standards (Wifi, BlueTooth, GSM, etc.) Either switching between them, or even in parallel.
Ceci n'est pas une signature
Most vendors refuse to release updated drivers with WPA/TKIP support for their 802.11b gear. They knowingly sell broken (read: WEP) hardware that they don't intend to fix. They rather want you to buy 802.11g gear for WPA support!
You know what, I'm fed up with this. Might just as well buy this Chinese gear then... (And run IPsec over it).
-------
Warning: Slashdot may contain traces of nuts.
Sure, racism. That explains why consumer electronics from Japan had such a hard time gaining popularity here in the 80's, right?
-j
Coincidentally, the majority of members of the WI-FI Alliance are American companies, so I would be skeptical to pass this off as nothing more than a `shit China is gonna kill us with their low manufacturing costs' response. If the security is supposedly better as the post states, than why not verify this, and migrate to it. Wouldn't that make more sense than basically stating "you're security is good! but it's not a standard so we don't want it"
MoFscker
The IEEE is worried that this may lead to the need to support two different standards in wireless networking hardware.
...or any other 'standards' for that matter.
MHO: I do not think the IEEE has anything to worry about. For all I care, any Government can release their own home grown networking stack/protocol standard in regards to IEEE's 802.3
Will people accept this new standard? Who will manufactures trust: One Government/Country, or a respected body encompassing more than 380,000 individual members in 150 countries..promoting consensus-based standards?
As a consumer, which would you choose/trust?
Stop bashing China people... How many times have some American company came out with their own standard that's different from IEEE's? TOO MANY TIMES! A new standard from China is just another drop of water in an ocean full of non compatible standards......
Has been dead a long time, so stop beating it. 802.11b is not a standard, Linksys has their own proprietary 22mb scheme. 802.11g uhh Dlink/Linksys etc all have their "own" 72+ mb g network products. Even the standards have been bastardized with (I'm guessing) compression layers. WEP is horrible, there are ways to get around it (that require nearly as much bitspace overhead per/packet) ssh, openvpn, winblows vpn, ipsec etc etc.
So what if china wants their own wireless standard, there are so damn many already, one more quasi-secure wireless network isn't going to be revolutionary.
Example: the NTSC, PAL, SECAM, MESECAM, etc standards for broadcast TV. Why do we have so many of them?
Another example: HDTV (US picked 8-VSB, Japan picked COFDM).
China has now realised that it is heavy enough (in "Gorilla" terms) that it is beginning to throw its weight around. A recent example was the new DVD format, EVD
I'm pretty sure it was chosen for the people and not by the people.
Even most desmocracies were set up by the powerfull and not the 'people' - usuall powerfull internal forces (the revolutionaries with big ideas and lots of guns) or by powerfull outside forces (the invading armby with big ideas and lots of guns).
Moneyed corporations, non-working 'poor' and criminal prisoners are turning productive citizens into tax-slaves.
Oh, for those trolls who might want to respond, "Yeah, but that was a hundred years ago..." might do well to read this link. Here's a short excerpt;
So governments are NOT the only organization that oppresses people!Debunking the "59 Deceits"
Sounds like the Chinese government are learning from the experts. Take a standard. Modify it a bit. Use your monopoly (whether commercial or state) to make everyone use your version. The US justice system has made it clear it is okay to behave this way so why shouldn't the rest of the world?
Why should I or the Chinese or anyone else care?
Since when did the IEEE become the ultimate authority on standards? It's a USA institution remember. Other countries have their own institutions for this..
And it's not as if the IEEE is the most unbiased institution of them all. Corporate money decides what's a standard more often than not nowadays...
As far as the issue of standards themeselves. Since when do we have to always follow standards, especially others'? If something works better for more people, then bring it on. Progress occurs when breaking with tradition/standards and there is merit to the new system/whatever. Not by blindly following the old standards.
/. Where the truth
This poses a couple of issues for international companies. Why spend development money on both a US and China standard? The US does not mandate that you have to use 802.11b, so why not ditch it and go with the Chinese standard, cutting development and support costs in half?
I work in retail. Trust me, consumers really don't care. Hell, half the time they don't even care if what they buy works, so long as they like what it looks like and it's cheap.
The IEEE is worried that this may lead to the need to support two different standards in wireless networking hardware."
That concern is entirely unjustified: 802.11 currently doesn't have any meaningful security. So, there won't be "two different standards", there will be just one: the Chinese one. Let's hope it catches on.
The IEEE should bow its head in shame--802.11's WEP was a complete fiasco and an embarrassment to engineering profession.
Think about it
...). While in the USA this isn't such a big problem (yet), it might be a bigger on in China where bandwidth isn't as cheap nor plentiful.
In the USA, having bucket loads of bandwidth is easy and cheap. However I suppose that isn't the case in China.
Wifi makes it real easy for one to steal another's bandwidth. (Especially with WEP
While China is a communist gov't that doesn't care for freedom of speeh blah blah blah blah. It does need to look out for its own people. I for one see this only has a preemptive measure against what might be a serious problem in the future (especially for China's high population density).
Sunny Dubey
...it's because you can't do anything right...even when you behave exactly like a real capitalist. Do you realize how brain-washed some of you are about china? You even live in a sociaty with free press :(
Because TV was invented before the computer chip. Back in the dark mists of time you needed a way to get a clock cycle for your video signal. The easiest way to do this was to use the cycles in your AC mains power. In the US that is 60Hz while in Europe 50Hz was used, leading to two different framerate standards (NTSC is not 30 fps because of a hack performed when color was added to the broadcast signal.) PAL was developed after NTSC and fixed a few problems with the earlier standard, and Brazil created a PAL variant (M-PAL) that worked with a 60 Hz clock signal from the mains power.
SECAM was closer to the example being set here with the China wireless standard, it was created to be different for the sake of being different (we are French so our standard must be different, vive la difference...) as a way to help the French electronics industry of the time. Of course it was then chosen as the Soviet-block standard and then modified for the Middle East market into MESECAM.
It is all too wierd for words, but there was a method to the madness...
Sounds like Clipper/Skipjack.
IANACryptogrypher, but isn't Elliptic Curve cryptography the most thoroughly patent-laden field out there? Working, strong security is an already-solved problem, implemented in both SSL and SSH, [3DES/AES, RSA/DSA, SHA]
o/~ Join us now and share the software
Now instead of crappy WEP I'll have to buy devices that have better security and are made in China so they'll be cheaper! DAMN IT!
How about this: the LSB is about to formalise its own unix standard based upon Linux at ISO, despite the 90% similarity between LSB and POSIX. Apparently, the LSB folks claim Linux is sufficiently different and many other bogus Microsoft like arguments.
You think that I am joking ?