Slashdot Mirror
China Frustrated In Encryption Talks
mikesd81 writes "According to an AP article, the Chinese are pushing for the encryption standard called WAPI. It's not going so well, as the majority of countries are taking the IEEE standard 802.11i. From the article: 'An international dispute over a wireless computing standard took a bitter turn this past week with the Chinese delegation walking out of a global meeting to discuss the technology. The delegation's walkout from Wednesday's opening of a two-day meeting in the Czech Republic escalated an already rancorous struggle by China to gain international acceptance for its homegrown encryption technology known as WAPI. It follows Chinese accusations that a U.S.-based standards body used underhanded tactics to prevent global approval of WAPI.'"
So the Chinese are pushing for a standard that no one can currently verify as being secure and then they get angry?
Kindness is the language which the deaf can hear and the blind can see. - Mark Twain
But the US is too lovely and Christian to do the same?
jh
It is entirely conceivable, made more so by the enormous Chinese reticence to publish the SMS4 encryption algorithm they're using and to open it to international review.
AES versus a Chinese government-approved algorithm which you can only get a specification for by agreeing to partner with one of eleven Chinese firms is not a difficult decision.
See my message above yours. The Standard has not been published after being declassified in January 2006. No published code or theory of operation is available to you, me or 6 billion other people to verify that it is secure or that the spec may be secure but the reference source code may have serious bugs that effect the security. Maybe now you can "...see why adding a third is a problem..." and China knows very well why the standard is being rejected by other intelligent nations right now. It dosen't mean that it can't be a standard in the future, just not right now.
China also seems to be in love with the idea of the central server verifing the security between the client and AP. Centralized key serving scares me even when the implementation is known to be secure. The key servers in China will be controlled by whom?
Kindness is the language which the deaf can hear and the blind can see. - Mark Twain
I trust neither China nor the US to provide me with an encryption standard that protects my privacy. Neither government is known for their fondness of people's privacy.
If anything, a free and most of all open standard could win my heart. But as long as governments are involved, who have an inherent interest in snooping, I will not rely on their security only and use encryption that is under MY (or at least that of about a billion flaw-seekers worldwide) control.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
In fairness, the Chinese could have a legitimate reason to want their own encryption standard: they own the IP on it. Down the road there could be quite large licensing costs on 802.11n devices. Since this would be an area where the chinese would have the same cost base (for export) it would have the effect of making chinese router exporters less competitive relatively speaking. They would both be funding their rivals and any cost savings they could make in manufacturing would make up a smaller proportion of the cost of the device.
The actual effectiveness (or lack thereof) of the encryption might be as irrelevant as it is in many standards conflicts.
the more they over-think the plumbing the easier it is to stop up the pipe
The level of independence of the member states helps. Since they don't trust each other, they are more likely to come up with an acceptable standard. While there are reasonable levels of co-operation between their respective security services, there is no top level organisation comparable with the NSA or the Chinese equivelent.
need a free COBOL editor for Windows?
There are no "backdoors" in standards, only in implementations.
Oh, I can't help quoting you because everything that you said rings true
You have to partner with a bloody Chinese company to build equipment based on it.
That's fucking ridiculous.
The standard is unpublished, and will not be published. It checks in security keys with a centralized Chinese government server.
I cannot imagine a world that would permit this to become an international standard, and if China insists on all equipment manufactured within its borders to have this technology it'll just push electronics manufacturing out of China.
For a long time, people have predicted that the heavy hand of the Chinese government will one day disrupt the economic boom happening there. I hope to god not; an unstable, economically volatile China sounds like a nightmare to me.
WhiteWolf666 an exBush supporter. All you new-school,compassionate,save the children Republicans can rot in hell
The Chinese care about IP when it's their IP. They give tacit approval to those who pirate others intellectual property, but they will not stand for anyone taking theirs.
If China wants to be heard in the international community, then they should participate in other global standards, or should have opened up the design and devlopment process of WAPI to either participation or scrutiny. They developed the standard knowing that their was an international effort (NOT American) to come up with the next generation of WLAN encryption, so I have no sympathy for the wasted effort at this stage. If China wants to effectively participate in the global standards game, they should, for instance, start a Common Criteria scheme and become a signatory country. It seems to this casual observer that China often likes to go it alone wrt standards, and when they suddenly start blustering about this international community not subscribing to their arbitrary standard is ridiculous. Why should the IEEE's efforts be thrown out? They lost the vote. They can complain about the vote being rigged or unfair, but a voting system is the closest approximation to a fair way of determining next-gen standards. I hear voting isn't so popular over in China though.
(%i1) factor(777353);
(%o1) 777353
What they did?
They proposed a secret standard, with a central key repository (located on Chinese government servers). Implementation of this standard was given to 12 Chinese companies, and developing any devices based on this standard requires partnering with these Chinese manufacturers.
It isn't patent-encumbered, but that's because its a secret, and patenting it would require releasing the details.
There isn't any debate to win. Not only is it proprietary versus open, its proprietary and exclusively controlled-and-licensed-and-manufactured by the Chinese government and Chinese state-owned companies.
Everything about WAPI is wrong.
WhiteWolf666 an exBush supporter. All you new-school,compassionate,save the children Republicans can rot in hell