Slashdot Mirror
China Walks Out of Wireless LAN Security Talks
Ant writes "A CommsDesign article reports that China walked out of a wireless standards meeting this week, accusing the International Organization for Standardization of favoring the IEEE's 802.11i ANSI-certified wireless LAN security scheme over its own controverisal proposal, EE Times has learned.
The gambit came after China's Wireless Authentication and Privacy Infrastructure (WAPI) security scheme was withdrawn and placed on a slower track by the ISO." From the article: "China initially agreed last year to refrain from making its WAPI security scheme mandatory for wireless LAN equipment in China. It then approached ISO with a fast-track submission in an effort to make WAPI an international security standard."
This really isn't China's fault. I used to do this kind of thing too when I was playing marbles around the age of 4. If things didn't go my way, I'd round up all my marbles and stomp off on my way home.
I'm a big tall mofo.
Perhaps China (or at least as personified by these officials) has forgotten where a lot of electronic equipment is manufactured.
Why not just take the new standard and profit on our willingness to buy their stuff, as usual?
Perhaps our dollars don't have the shine they used to?
You can't talk about Wikipedia's flaws on Wikipedia
With 2,000,000,000 potential customers, and most of the world's manufacturing capability within two hours' flying time, you don't just get to choose standards, you get to write 'em.
"It is glorious to be rich! Let a thousand flowers bloom from the barrel of a Pringles can!"
According to this rant WAPI is "on old technology, performs poorly and is insecure"
whats the big deal?
the Chinese?
Seriously. Does China have a valid complaint or not? No one knows yet. Until then, there's nothing to report.
i would have to agree...other then producing the best, low cost , child sweat shops and product forgeries in the world...what does China really contribute to the world?
Good Karma, Bad Karma, doesnt matter to me... I'm still going to say whats on my mind!
Remember, China still has a repressive few who are determined to remain in power and if strangling wireless LAN in their own country helps them stay in power one more day, so much the better for them. Not much of a difference between them and the old emperors and such, just exert power differently...
"We get signal!"
"No you don't, and off to reeducation camp for you!"
A feeling of having made the same mistake before: Deja Foobar
...but an hour later, they were hungry for meeting again.
Following China's walkout, the resulting new coastal areas in central Asia are expected to provide new economic opportunities to the formerly isolated, landlocked region. A brief panic gripped the people of Japan, as China blocked out the sun for several hours as it stepped across the island nation. Geologists and the international community at large are eagerly waiting to see where and how the newly independent continent decides to settle. It was last seen striding across the South Pacific in a brisk huff towards the Isthmus of Panama. Panamanian officials have cautioned China to be careful as the newly mobile landmass will not fit through the canal and would need to carefully step over the fragile strip of land, which could be easily crushed into the seabed by an errant footstep. Representatives of the Chinese government could not be reached for comment.
Unknown host pong.
A lot of inventions.t ml
http://www.inventions.org/culture/asian/chinese.h
Just like FireWire.
____
~ |rip/\/\aster /\/\onkey
Repeat after me... WAPI is Crappy.
WAPI is insecure, doesn't scale, late and undeployable.
If you read the specs and had any involvement in the 802.11i process, you will understand what an amature piece of work WAPI is. It was compounded with the blatant IP grab that China was trying to make with WAPI (you have to send China your RTL, they *THEY* can integrate it into your chip - yeah right).
The only way you can effectively write 802.11 specifications for anything as intertwined with the base spec is to go to the 802 meetings and propose your scheme. From 802, down through 802.11 and the 802.11 task groups, the documents are heavily cross dependent and part of the purpose of these massive meetings is to make sure that all the bits fit together and are kept up to date with respect to each other.
Trying to write an 802.11i replacement in isolation is doomed to failure and fail is exactly what they did.
Now they are forum shopping. ISO rubber stamps the 802 documents because 802 has a long history of succesful open standards development. Whining 'it's not fair! They won't take our spec but they will take the IEEE specs' is disingenuous bullshit and they know it. There is a basic quality threshold you have to pass first.
Evil people are out to get you.
Here is a paper that describes the WAPI standard. As a cryptodilettante, damned if I know if it's any good.
What I say does not represent the views of my employers, my friends, my cats, or myself.
Between this and the Chinese push for EVD it sounds like China is tired of paying royalties on technology they manufacture to foreign technology companies. Remember with one law they can include any standard they want in 75% percent of the electronics you buy. If they really want to push EVDs or WAPI they will not have much of a problem. I mean manufacturer's will have to choose between employing two standards in all products, or going with whatever China wants. Ubiquity makes for a de-facto standard.
Isn't that sort of oxymoronic? In a communist country how does one fit "privacy" and/or "secure" encryption? This is obviously for public use. The government can adopt whatever security standards they dam please for their own communications.
they are growing... which is great for a communist country to do... if im not mistaken other than cold war russia and germany... they would probably be the first sucessful communist government to succeed in producing a government with a stable economy. its true that textiles are comming from china ( which by the way has closed a lot of factories here in columbus, ga and lost many people there jobs..but thats another story) but its hard to push your standard if the rest of the world is not using it. they could push all day long ...other companies will go with the flow and follow ISO standards ( big companies like Cisco/Linksys and others) it would make sense for China to discuss why they feel their standard is better instead of stroming out... you cant act like the 800 lbs gorrilla until you weigh 800 lbs? but you bring alot of good points to the table
Good Karma, Bad Karma, doesnt matter to me... I'm still going to say whats on my mind!
It seems that China wants to capitalize on the fact that they are considered a big potential market by the West. If they are insignificant, who would care if they want to use WAPI? It is greed by Western companies that have allowed China to do this--"hey, if I don't give in, some other company will and I cannot afford to lose potential market share in a country like China". The fact that they went to the ISO to give WAPI a fast-track course on standardization says out loud that as soon as WAPI is standardized, China will require WAPI.
Oh come on, there are many reasons to like China:
1. It's a brutal dictatorship.
2. They invaded Tibet, and murdered 1/3 of the inhabitants.
3. 14 of the 20 most polluted cities in the world are Chinese.
4. They make for extremely poor immigrants, refusing to integrate in the host country that graciously allowed them entry, and indeed consider themselves superior to the "mongrel people" (whites) and "black shit" (blacks).
5. To the Chinese, legal contracts are just sort of like suggested behaviour, but are in no way binding.
6. The bizarre, superstitious bullshit known as Chinese medicine has led to the decimation of Chinese wildlife, especially bears. So they've turned to other countryies, notably Canada, to provide the materials for their voodoo. In British Columbia, it's essentially a black bear holocaust.
7. The Chinese government brutally represses the Falun Gong people, who are a peaceful bunch.
I could go on and on, but it's too depressing.
One can hope that it's better than your grammar or else we are all fucked.
Monstar L
You left out chinese food.
Is China some communications company I've never heard of? Or is the government in talks with the ISO board?
That's how pretty much all international politics is - at best, international politics resembles 8 year olds in the school yard. Unfortunately for those of us who just want to get on with our lives, these particular 8 year olds have nuclear weapons.
Oolite: Elite-like game. For Mac, Linux and Windows
"All right, but apart from sanitation, medicine, education, wine, public order, irrigation, roads, a fresh water system and public health, what have the Romans ever done for us?"
Except that China isn't really Communist any more, and hasn't been Communist since Mao's death.
The world's burning. Moped Jesus spotted on I50. Details at 11.
The dollars valuation has deteriorated pretty dramatically in the past months.
Except that China's currency is tied to the US dollar. This has been a major point of contention for the Bush administration, as well as the US domestic manufacturing sector. Even as the dollar falls, Chinese imports become no less or no more expensive because the exchange rate has stayed the same.
A weak dollar helps increase American exports to Europe, for instance, because Europeans can now get more for their euro. When the Chinese decide to float their currency on an open exchange, the price of their currency will likely rise, and their products will therefore become more expensive in America. This will in turn decrease exports, and that will hurt the Chinese manufacturing sector. And this is why the Chinese government is so reluctant to do this (although once their economy is more stabilized, it would make a lot more sense.
An effective signature identifies a particular user amongst a base of thousands.
There is no Global body that makes laws!
There is no international legislature (the UN ain't it), there is no international monarch. They are the two groups that make laws. When there is a 1:1 correlation between cause & effect, if you don't have the cause (international legislature) you can't have the effect (international law).
So despite the lies that a bandied about, international law doesn't exist.
What people often mean when they say "international law" is "treaties," but they usually have some agenda they are hiding behind and intentionally misleading you. I assume that since God is dead and humans can no longer appeal to the moral authority of God that they feel the need to appeal the moral authority of some other fictitious being. In this case, international law (aka global standards).
Now on to treaties.
Treaties are just agreements between governments to enact laws. They aren't law by themselves. The US Constitution gives the President the authority to make treaties, but Congress gets to ratify and then make laws based upon them.
So, the US & AU make a treaty to do W, X & Y
When it gets run through the AU Parliament they don't like W. So they pass a law that allows for V, X & Y. That law is only enforceable in AU. It is an imperfect implementation of the treaty, but an implementation nonetheless. It is like a standard that is implemented but not fully.
Same thing happens in the US Congress. But they pass law with X, Y & Z.
Now you have 2 national laws. A AU law. A US law. You don't have an international law. Why? No international legislature remember.
You can sue in AU under the AU law, but not the US law. So in AU you are entitled to V, X & Y.
You can sue in US under the US law, but not the AU law. So in US you are entitled to Z, X & Y.
No where can you sue under the treaty. You never are entitled to W. Because te treaty (which entitled you to W) isn't a law, just an agreement to make a law.
You can't sue in NZ under either the AU or US laws. Because NZ, has neither of these laws and their courts don't care about US or AU laws.
Now we mis-use the term "treaty" to refer to both the AU & US laws collectively, but neither of them is really the treaty as negotiated by the PM/President.
Hey what about these international courts?
Well, they are really arbitration bodies.
They have no legal power beyond what the individual nations give them.
The UK may pass a law giving ICC judgments full effect, but that is due to the UK ceding sovereignty to the ICC, not because the ICC is inherently morally superior or because of some international law (which doesn't exist remember).
Now the US doesn't agree to cede its sovereignty to the ICC. So the ICC has no effect in the US.
Why no power beyond what the individual nations give them?
It comes down to a concept called jurisdiction.
See, ultimately might does make right. Not moral correctness, but the right to do something is ultimately based upon your ability to enforce that right.
To enforce a court order to, for example, the ability to forcibly imprison someone, take their personal and real property from them, you need an army and a police system. Nations have these things. NGO bodies don't. Even the UN has no standing military. It relies on borrowing the military of its member nations.
If the ICC has a judgement it wants enforced in the UK, it needs to get the approval of the UK government to use the UK police force to do that. Alone, the ICC is impotent.
Ultimately, every country acts unilaterally. Every country implements their own version of treaties. Every country decides whether or not to cede sovereignty to an international arbitration board.
Congratulations! You are being a tedious bore, and simultaneously insulting the memory of the hundreds of millions killed by Communism. Nice trick. Too bad your insight is not original to you, but has been an article of faith among marginalized leftists for fifty years.
Ask most (American) people what they think communism is, and if they have any idea at all, it'll be something like totalitarianism.
Americans know damn good and well what Communism is. Any high school student can tell you "From each according to abilities, to each according to needs," and any decently educated college student can tell you about the dictatorship of the proletariat. If you have any understanding of human nature, that's all you need to know about Communism and why it is doomed.
If there is any firm lesson from the history of the last century, it is that Communist ideals, always and everywhere, fail in practice. This is due to immutable laws of human nature and behavior. It can only be artificially maintained at the point of a gun, and then only for a limited time. Wherever and whenever it has been tried, it has lead to tyranny, mass slaughter, famine, and misery. Wherever and whenever it is tried in the future, the result will be the same.
Of course, none of this made the least impression on the sheltered twits of the academic Left, who insist against all evidence that "real" Communism has not yet been tried. If only, if only, they whine, everybody would just be nice little Communists and accept their lot in life "according to their needs", then Utopia would arrive and all our problems would be solved.
I think that if the economic ideals of communism (everyone contributes, everyone receives) were put into place in a political system, you'd have something like ancient Greece.
I think that if my auntie had bollocks, she'd be my uncle.
What you are describing has never happened and never will. Quit deluding yourself and join the reality-based community.
-ccm
Too much Law; not enough Order.
Has anyone considered that the reason that the Chinese were mandating a wireless encryption standard with such force would be specficially because it has been designed with a back-door of some form that allows easy identification of keys?
Take all the facts into consideration, this country has more human rights violations than most can keep track of, and habitually shuts down any means by which the people can read unauthorized material, often resulting in illegal, indefinate jail sentances. All that, for reading CNN?
The fact the Chinese are happy about encryption is nothing more than a single loud beacon that it's not strong enough. If its safe enough to hide Falun Gong meetings or whatever else, you can bet your testicles (Lets face it, everyone who reads this site has them, if only in jars) that it's worth use in commerce.
If it werent, a small dasiy chain of wireless networks could flood Bejing with "unauthorized" material in days, destroying the virtue of the Great Firewall of China.
Except that China isn't really Communist any more, and hasn't been Communist since Mao's death.
One might even go so far as to say China has never been communists according to the doctrine laid out by Marx, but some form of Socialist Dictatorship. Even when Mao was in charge, they had constant battles with Moscow over the fact that China's communisim didn't match up with Russia's communisim. And neither was what Marx had envisioned.
They make good fortune cookies, though.
HA! I just wasted some of your bandwidth with a frivolous sig!
That China wanted WAPI that much probably means they can easily crack it. The last thing they want is to not be able to eavesdrop on their citizens. Just ask the Falun Gong.
they would probably be the first sucessful communist government to succeed in producing a government with a stable economy.
Classic, theoretical communism implies there will be a dissolution of the central gov't into a form of anarchism. Soviet communism (as we currently see communism) bans private ownership of property, and the gov't regulates all operation of all material production. China's economic system currently has "rich" private owners of various enterprises, and looks to divest the gov't of almost all industries. There is even an entrepeneur class that extends beyond Hong Kong. The catch is that almost all the owners of the really important industries happen to also be the highest ranked gov't officials, that the gov't can arbitrarily come down on any private owner at any time, and there are still industries which haven't been privatized by the central gov't.
But once the bulk of industries stop being owned and managed by the central gov't, it stops being communism. What to call it is another dilemna. You could argue its evolving to a western socialist state, or merely into an oligarchy; my problem with China is that it appears to me to be evolving into a fascist gov't, similar to what was seen in post-WWI Germany and Italy.
Tragic that the average slashdotter (and thus, the 1st world citizen) doesn't really understand these distinctions. Perhaps if one phrased the question as "What would have Fascist Germany have been like without Hitler? Lets say, a Fidel Castro or Kim Il Sung", and you might start to appreciate the potential for problems. Even worse, one will still be looking at China as a communist country, when it will be a significantly more efficient economy and better operated. Then kick in 1+ billion people and 20% of their nationalistic, military aged males not able to marry. Interesting times ahead.
There is no America. There is no democracy. There is only IBM and AT&T and DuPont, Dow, General Electric, and Exxon
" Neither the IEEE nor ANSI is American."
And what does the "A" in "ANSI" stand for again?
Even as the dollar falls, Chinese imports become no less or no more expensive because the exchange rate has stayed the same.
Don't confuse a currency peg with the purchasing power. A currency peg does not mean that the value of imports/exports remains fixed. You are also assuming that the Dollar and Renminbi are the only two currencies out there. I'll try to explain because it's not entirely intuitive. (and I'll try to keep it simple because it isn't - hopefully I've gotten my cash flows right...)
If the US buys goods from China, capital (money) *has* to flow into China. There is now a smaller supply of capital (money) in the US and a larger money supply in China. When the money supply gets larger, the value of a unit of currency (absent government action) falls.
The next time China wants to buy (import) some goods, they have all this extra supply of dollars. Excess supply reduces the real value of their currency so they can buy less goods/services. Having a "cheap" currency makes exports cheaper but imports more expensive.
Notice that exchange rates haven't even been mentioned yet. With a floating currency, the Renminbi (China's currency) would devalue in the Foreign Exchange (FX) markets. But to keep this from happening, China does something clever. First, they do not permit the Renminbi to be traded in Foreign Exchange markets keeping the supply low. They maintain the exact exchange rate by buying/selling US Bonds (dollars but in the future) with the dollars they got earlier from selling goods.
One problem is that this can lead to speculation. (Read about George Soros and the Bank of England for details) To avoid this problem China keeps a HUGE foreign reserve (over $600 billion and rising) to keep speculators at bay, even though it is widely recognized that China is enjoying a 20-40% advantage in exports. Since China's economy is export driven, they aren't about to change that suddenly either. Yes, they will have to adjust the peg to keep inflation in check but it's going to happen gradually. I'm getting aside however.
The point is, that a currency peg does NOT keep the prices of goods between the US and China constant. The US can't keep printing dollars and selling them to China forever without inflation occuring. Likewise China can't keep selling goods to the US for increasingly more plentiful (and thus less valuable in the world market - remember there are other countries besides the US and China) dollars.
You don't trust crypto that is secret, period. For everything I'm aware of short of a one time pad (and even that sort of) you don't prove it to be strong, you prove it to be not weak. Ok sounds like a silly language game but here's what I mean:
A proof something is strong would mean you could conduct a single test that would prove that an algorithm didn't have any flaws. That test would be all that's needed. It'd get redone a number of times to ensure there were no errors in testing, but if it passed, you'd know it's good.
Well, can't do that. What you can do, and do in reality, is try over and over to break it. You have all kinds of experts back away at an algorithm and see if they can crack it. When nobody can, and when they do all sorts of mathematical tests showing that probably it can't be broken, you feel confident in calling it strong.
There's a reason why it took so long for Rijndael to become AES. It had to undergo a lot of testing (past what it already had) before FIPS was convinced that yes, it really was secure. It wasn't proved in one magic test, rather the continual failures to break it were seen as a mounting amount of evidence that, indeed no break is possible.
So you never, ever, trust an encryption that uses a secret method. If it hasn't been tested by the world mathematical and cryptographic communities, it isn't worth its shit. For all you know there could be a gaping hole that even the developers don't know about, but will be discovered soon. You only ever use tested, reviewed, public crypto.
Hell, for the reason of testing, some peopel still recommend the use of 3DES instead of AES. Why? Well though AES is superior in the long term, since it'll be harder to crack brute force, it just don't have the history 3DES does. There has been a couple of decades of DES usage, with no breaks. Thus you can pretty confidently say there will be no breaks, until computers are of sufficient power to brute force 3DES, you are safe, and that's going to be a while. AES is almost certianly as good or better, but still, there's not that history of proof, it's the new kid.
So regardless you your trust for a particular nation, don't ever trust secret crypto. EVen if the intent isn't ot have it breakable, it very well could be.