Slashdot Mirror
China Frustrated In Encryption Talks
mikesd81 writes "According to an AP article, the Chinese are pushing for the encryption standard called WAPI. It's not going so well, as the majority of countries are taking the IEEE standard 802.11i. From the article: 'An international dispute over a wireless computing standard took a bitter turn this past week with the Chinese delegation walking out of a global meeting to discuss the technology. The delegation's walkout from Wednesday's opening of a two-day meeting in the Czech Republic escalated an already rancorous struggle by China to gain international acceptance for its homegrown encryption technology known as WAPI. It follows Chinese accusations that a U.S.-based standards body used underhanded tactics to prevent global approval of WAPI.'"
The algorithm selected for AES was originally called Rijndael, and was developed by two Belgian cryptographers.
I seem to remember some old stories about the NSA and the DES standard.
The NSA pushed for a few changes in the standard, without divulging the reasons. Some thought it was to insert a backdoor or vulnerability. Years later, after the outside world developed more crypto expertise, the found that the NSA had actually closed a vulnerability that nobody else even knew about. If the NSA had a backdoor into DES, it was with hardware that could brute-force it.
The living have better things to do than to continue hating the dead.
It stands for Institute.
It's got nothing to do with the US being better than China - the Chinese delegation is trying to portray it as a national issue, but actually it's about open standards. 802.11i is a published, peer-reviewed standard based on published, peer-reviewed encryption algorithms. In fact the driving force behind 802.11i is the flaws that were found in 802.11b by people outside the IEEE. If 802.11b had been a closed-book standard like WAPI, those flaws would still have existed but they might never have been made public.
Let's see what the real issues are:
/all of their Western government hardware sales by
IEEE / ISO standard == open standard
Chinese WAPI == closed standard
The Chinese government requires that any implimentor pay
licensing costs to China. If you want to embed their WAPI,
you must incorporate in China with a Chinese entity as the
majority shareholder. The questions become: "Does Intel
really want to make the Chinese government their "senior"
partner in chipset fabs, just to get WAPI embedded?"
"And considering the potential for Chinese government trojans
and/or backdoors in their WAPI code, would Intel risk losing
any
adopting WAPI?"
Leveno quality control, as well as the increased potential for
trojans / backdoors in their software drivers, has already
made a negative impact on sales of IBM's former hardware
company.
EETimes did a fact-rich article in March. The first paragraph of the second page is most illuminating. It seems the "startup" that owns the secret encryption mechanism lacks any visible means of support, and it is a "spinoff" of a government body.
IMHO there is far too much polite gentility and benefit of the doubt shown in the media, and ISO, and WTO and even /. to the thugs who run China. There's no moral or technical equivalency involved here. The Chinese government presented WAPI late accompanied by protectionist threats and has been whining disingenuously about the world mistreating it in the process ever since. WAPI has received over 2 years of special treatment because the rest of the world relies on Chinese de facto slave labor to build its electronic goods. If the ISO process was being run honestly with a legitimate goal of defining a trustworthy secure standard that can be widely implemented in interoperable and competitive ways, WAPI would have been dismissed when first proposed.