Slashdot Mirror


China Frustrated In Encryption Talks

mikesd81 writes "According to an AP article, the Chinese are pushing for the encryption standard called WAPI. It's not going so well, as the majority of countries are taking the IEEE standard 802.11i. From the article: 'An international dispute over a wireless computing standard took a bitter turn this past week with the Chinese delegation walking out of a global meeting to discuss the technology. The delegation's walkout from Wednesday's opening of a two-day meeting in the Czech Republic escalated an already rancorous struggle by China to gain international acceptance for its homegrown encryption technology known as WAPI. It follows Chinese accusations that a U.S.-based standards body used underhanded tactics to prevent global approval of WAPI.'"

35 of 252 comments

  1. Maybe I'm too paranoid, but... by damburger · · Score: 5, Interesting

    Isn't it possible the Chinese could be pushing an encryption standard because they know a flaw in it they can exploit?

    --
    If we can put a man on the moon, why can't we shoot people for Apollo-related non-sequiturs?
    1. Re:Maybe I'm too paranoid, but... by prefect42 · · Score: 4, Insightful

      But the US is too lovely and Christian to do the same?

      --

      jh

    2. Re:Maybe I'm too paranoid, but... by Tom Womack · · Score: 5, Insightful

      It is entirely conceivable, made more so by the enormous Chinese reticence to publish the SMS4 encryption algorithm they're using and to open it to international review.

      AES versus a Chinese government-approved algorithm which you can only get a specification for by agreeing to partner with one of eleven Chinese firms is not a difficult decision.

    3. Re:Maybe I'm too paranoid, but... by ronanbear · · Score: 5, Insightful
      Too paranoid is sorta an oxymoron on subjects like these.

      In fairness, the Chinese could have a legitimate reason to want their own encryption standard: they own the IP on it. Down the road there could be quite large licensing costs on 802.11n devices. Since this would be an area where the Chinese would have the same cost base (for export) it would have the effect of making Chinese router exporters less competitive relatively speaking. They would both be funding their rivals and any cost savings they could make in manufacturing would make up a smaller proportion of the cost of the device.

      The actual effectiveness (or lack thereof) of the encryption might be as irrelevant as it is in many standards conflicts.

      --
      the more they over-think the plumbing the easier it is to stop up the pipe
    4. Re:Maybe I'm too paranoid, but... by DNS-and-BIND · · Score: 5, Interesting
      Uh...licensing costs? They just steal it. It's standard operating procedure. Seriously.

      Just this weekend, I was at the local expo at my city here in China (I'm an expat). I open up their little guide magazine that comes with the gift bag and city map. Inside, I find content ripped off directly from my own website (I run the local English-language city guide). It's stuff that I wrote, and the freaking government copied it. Of course, there was no use complaining - what am I going to do, sue?

      --
      Shutting down free speech with violence isn't fighting fascism. It IS fascism!
    5. Re:Maybe I'm too paranoid, but... by WiJO · · Score: 4, Insightful

      The Chinese care about IP when it's their IP. They give tacit approval to those who pirate others' intellectual property, but they will not stand for anyone taking theirs.

    6. Re:Maybe I'm too paranoid, but... by mrchaotica · · Score: 3, Informative

      They have to legitimately pay for licenses on anything they manufacture and import into the US. The grandparent poster's theory is that they want to give their router manufacturers a competitive advantage, because otherwise they have to pay the same license fee as everyone else and can't undercut the competition as much.

      --

      "[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz

    7. Re:Maybe I'm too paranoid, but... by Anonymous Coward · · Score: 4, Informative

      It's got nothing to do with the US being better than China - the Chinese delegation is trying to portray it as a national issue, but actually it's about open standards. 802.11i is a published, peer-reviewed standard based on published, peer-reviewed encryption algorithms. In fact the driving force behind 802.11i is the flaws that were found in 802.11b by people outside the IEEE. If 802.11b had been a closed-book standard like WAPI, those flaws would still have existed but they might never have been made public.

    8. Re:Maybe I'm too paranoid, but... by WhiteWolf666 · · Score: 3, Insightful

      You can't license WAPI.

      WAPI is only available for Chinese manufacturers.

      In trying to make WAPI the international standard for Wireless Encryption, China is trying to position itself as the de facto manufacturer for all wireless devices, software and/or hardware.

      This is not going to work.

      --
      WhiteWolf666 an exBush supporter. All you new-school,compassionate,save the children Republicans can rot in hell
    9. Re:Maybe I'm too paranoid, but... by WhiteWolf666 · · Score: 3, Informative

      Actually, the I stands for "Institute", as in Institute of Electrical and Electronics Engineers, Inc.

      --
      WhiteWolf666 an exBush supporter. All you new-school,compassionate,save the children Republicans can rot in hell
  2. It boils down to... by QuietLagoon · · Score: 4, Interesting
    ...who can crack whose encryption.

    The Chinese want their encryption to be the standard so that they can use their backdoor.

    The US wants its encryption to be the standard so they can use their backdoor.

    1. Re:It boils down to... by klmth · · Score: 4, Informative

      The algorithm selected for AES was originally called Rijndael, and was developed by two Belgian cryptographers.

    2. Re:It boils down to... by ynohoo · · Score: 4, Insightful

      The level of independence of the member states helps. Since they don't trust each other, they are more likely to come up with an acceptable standard. While there are reasonable levels of co-operation between their respective security services, there is no top level organisation comparable with the NSA or the Chinese equivalent.

    3. Re:It boils down to... by hengist · · Score: 4, Informative
      The I in IEEE stands for International.

      It stands for Institute.

  3. No current implementation? by LinuxGeek · · Score: 5, Insightful
    From Wikipedia:
    The WAPI standard requires the use of a symmetric encryption algorithm[1], SMS4, which was declassified in January 2006. The standard and its cryptographic implementation remain unpublished.


    So the Chinese are pushing for a standard that no one can currently verify as being secure and then they get angry?
    --

    Kindness is the language which the deaf can hear and the blind can see. - Mark Twain
  4. censorship by kdougherty · · Score: 4, Interesting

    I'm not trying to be negative, especially towards China... However, I would never accept a security concept from any government that filters and censors their country's internet. Seems like an oxymoron to me.

    --
    The best way to predict the future is to invent it. -Alan Kay
  5. Re:wireless encryption by LinuxGeek · · Score: 4, Insightful

    See my message above yours. The Standard has not been published after being declassified in January 2006. No published code or theory of operation is available to you, me or 6 billion other people to verify that it is secure or that the spec may be secure but the reference source code may have serious bugs that affect the security. Maybe now you can "...see why adding a third is a problem..." and China knows very well why the standard is being rejected by other intelligent nations right now. It doesn't mean that it can't be a standard in the future, just not right now.

    China also seems to be in love with the idea of the central server verifying the security between the client and AP. Centralized key serving scares me even when the implementation is known to be secure. The key servers in China will be controlled by whom?

    --

    Kindness is the language which the deaf can hear and the blind can see. - Mark Twain
  6. I trust neither by Opportunist · · Score: 4, Insightful

    I trust neither China nor the US to provide me with an encryption standard that protects my privacy. Neither government is known for their fondness of people's privacy.

    If anything, a free and most of all open standard could win my heart. But as long as governments are involved, who have an inherent interest in snooping, I will not rely on their security only and use encryption that is under MY (or at least that of about a billion flaw-seekers worldwide) control.

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    1. Re:I trust neither by dpilot · · Score: 4, Informative

      I seem to remember some old stories about the NSA and the DES standard.

      The NSA pushed for a few changes in the standard, without divulging the reasons. Some thought it was to insert a backdoor or vulnerability. Years later, after the outside world developed more crypto expertise, they found that the NSA had actually closed a vulnerability that nobody else even knew about. If the NSA had a backdoor into DES, it was with hardware that could brute-force it.

      --
      The living have better things to do than to continue hating the dead.
  7. Re:openssl? by zootm · · Score: 3, Informative

    I'm not any sort of expert, but I believe that OpenSSL is an implementation of an existing standard, whereas the things up for debate here are the next-generation standards to use. Furthermore, these standards are for wireless connections, which isn't something that OpenSSL has anything to do with.

    So basically, it's not relevant, I'm afraid.

  8. Erm by Turn-X Alphonse · · Score: 3, Insightful

    China throws a hissy fit because its standard's not used? How is this new? It's standard practice to storm out if something you don't like happens. It disrupts the meeting and makes you get your way much easier. Every 4 year old kid can tell you this..

    I don't trust China and I don't trust America, but last time I checked "official" meant jackshit in the tech world. People will use what they deem is best and anything official will either be picked by geeks and become standard or it'll be dead within a few years and replaced by another standard until geekdom kicks in.

    --
    I like muppets.
  9. And Apple is pushing... by demongeek · · Score: 5, Funny

    i11.208, the white and user-friendly encryption that is so hip only the coolest will use it (or be able to afford it)..

    I jest! I jest! *ducks*

  10. Not so fast Sherlock... by bigmouth_strikes · · Score: 5, Insightful

    There are no "backdoors" in standards, only in implementations.

    --
    Oh, I can't help quoting you because everything that you said rings true
    1. Re:Not so fast Sherlock... by quarkscat · · Score: 4, Informative

      Let's see what the real issues are:

      IEEE / ISO standard == open standard
      Chinese WAPI == closed standard

      The Chinese government requires that any implementor pay
      licensing costs to China. If you want to embed their WAPI,
      you must incorporate in China with a Chinese entity as the
      majority shareholder. The questions become: "Does Intel
      really want to make the Chinese government their "senior"
      partner in chipset fabs, just to get WAPI embedded?"
      "And considering the potential for Chinese government trojans
      and/or backdoors in their WAPI code, would Intel risk losing
      any/all of their Western government hardware sales by
      adopting WAPI?"

      Lenovo quality control, as well as the increased potential for
      trojans / backdoors in their software drivers, has already
      made a negative impact on sales of IBM's former hardware
      company.

    2. Re:Not so fast Sherlock... by jdhutchins · · Score: 4, Interesting

      It's also possible the NSA knew of some weakness, and then subtly changed the algorithm to fix it. The NSA's internal research is possibly many, many years ahead of the rest of the world's research. IIRC, when DES was being developed, the NSA made some changes to it, but didn't say why. Years later, when differential cryptography was invented/discovered, the NSA's changes made perfect sense because it made the algorithm resistant to many of those types of attacks.

  11. Hypocrisy by tomstdenis · · Score: 3, Insightful

    We're all upset that the Chinese want to introduce their closed-door proprietary standard...

    But please, tell me, how many cryptographers were consulted BEFORE the design of WEP? I know of a few who worked on the implementation AFTER the design [e.g. when they couldn't change things]. WEP and WAP [and WiMAX and ...] are all essentially closed door standards. Even if you're in the SIG you're only one of many. And the many are usually NOT cryptographers so they'll basically vote for whatever turns into the least amount of VB.NET code for their Windows only drivers.

    Like it's so fucking hard to get a shared-secret lossy communication medium secured... AES + CCM + proper rekeying == router that doesn't cost 69.95$ at Fry's but does == a wifi device you can trust.

    Tom

    --
    Someday, I'll have a real sig.
  12. This "standard" is fucking ridiculous by WhiteWolf666 · · Score: 5, Insightful

    You have to partner with a bloody Chinese company to build equipment based on it.

    That's fucking ridiculous.

    The standard is unpublished, and will not be published. It checks in security keys with a centralized Chinese government server.

    I cannot imagine a world that would permit this to become an international standard, and if China insists on all equipment manufactured within its borders to have this technology it'll just push electronics manufacturing out of China.

    For a long time, people have predicted that the heavy hand of the Chinese government will one day disrupt the economic boom happening there. I hope to god not; an unstable, economically volatile China sounds like a nightmare to me.

    --
    WhiteWolf666 an exBush supporter. All you new-school,compassionate,save the children Republicans can rot in hell
  13. Sounds a lot like DPRK by amightywind · · Score: 4, Funny

    ...a lot of dirty tricks including deception, misinformation, confusion and reckless charging to lobby against WAPI.

    I think China and North Korea use the same publicist.

    --
    an ill wind that blows no good
  14. Poor diplomacy is counterproductive by mclaincausey · · Score: 4, Insightful

    If China wants to be heard in the international community, then they should participate in other global standards, or should have opened up the design and development process of WAPI to either participation or scrutiny. They developed the standard knowing that there was an international effort (NOT American) to come up with the next generation of WLAN encryption, so I have no sympathy for the wasted effort at this stage. If China wants to effectively participate in the global standards game, they should, for instance, start a Common Criteria scheme and become a signatory country. It seems to this casual observer that China often likes to go it alone wrt standards, and when they suddenly start blustering about this international community not subscribing to their arbitrary standard is ridiculous. Why should the IEEE's efforts be thrown out? They lost the vote. They can complain about the vote being rigged or unfair, but a voting system is the closest approximation to a fair way of determining next-gen standards. I hear voting isn't so popular over in China though.

    --
    (%i1) factor(777353);
    (%o1) 777353
  15. Raises interesting question by HangingChad · · Score: 3, Insightful
    What if some day the Chinese decided that they're not going to produce devices that don't meet their standards? So far it hasn't been a problem but if the government decided all Chinese factories were going to produce routers with China-Fi encryption, that's what they'd produce.

    And since they own all our manufacturing capacity, there would be little we could do about it. It would take years to tool up enough manufacturing to replace everything we depend on them to produce.

    I guess being dependent on foreign oil wasn't good enough. We had to match that folly by sending our component manufacturing overseas as well.

    --
    That's our life, the big wheel of shit. - The Fat Man, Blue Tango Salvage
  16. Why do they need a separate encryption standard by k1980pc · · Score: 3, Funny

    when Mandarin or Cantonese is equally or more effective :)

  17. Re:I guess the Chinese aren't good diplomats by WhiteWolf666 · · Score: 5, Insightful

    What they did?

    They proposed a secret standard, with a central key repository (located on Chinese government servers). Implementation of this standard was given to 12 Chinese companies, and developing any devices based on this standard requires partnering with these Chinese manufacturers.

    It isn't patent-encumbered, but that's because it's a secret, and patenting it would require releasing the details.

    There isn't any debate to win. Not only is it proprietary versus open, it's proprietary and exclusively controlled-and-licensed-and-manufactured by the Chinese government and Chinese state-owned companies.

    Everything about WAPI is wrong.

    --
    WhiteWolf666 an exBush supporter. All you new-school,compassionate,save the children Republicans can rot in hell
  18. An informative article... by wkcole · · Score: 4, Informative

    EETimes did a fact-rich article in March. The first paragraph of the second page is most illuminating. It seems the "startup" that owns the secret encryption mechanism lacks any visible means of support, and it is a "spinoff" of a government body.

    IMHO there is far too much polite gentility and benefit of the doubt shown in the media, and ISO, and WTO and even /. to the thugs who run China. There's no moral or technical equivalency involved here. The Chinese government presented WAPI late accompanied by protectionist threats and has been whining disingenuously about the world mistreating it in the process ever since. WAPI has received over 2 years of special treatment because the rest of the world relies on Chinese de facto slave labor to build its electronic goods. If the ISO process was being run honestly with a legitimate goal of defining a trustworthy secure standard that can be widely implemented in interoperable and competitive ways, WAPI would have been dismissed when first proposed.

  19. Re:"Christian"? WTF? by MysteriousPreacher · · Score: 3, Insightful

    Oh yes they are Christians & Muslims. They read the same texts and interpreted them differently. There are some good rules for living in the Bible and the Koran but both also contain some really nasty guidance. It's worth checking the Bible to see some of the nastier areas and also see what the Koran has to say regards unbelievers.

    --
    -- Using the preview button since 2005
  20. Re:"Christian"? WTF? by WindBourne · · Score: 3, Insightful

    Yes, the Christian Taliban is in control of the gov. For starters, listen to W. when he does a speech. He will state that God is on our side, which is nothing less than sacrilegious. He does not know exactly what god or Christ wants. Worse, he does that while at the same time ordering the torture, maiming, and murder of others. I seriously doubt that Christ would want that.

    Last night, 60 Minutes had a great expose about the plan B. We are trying to move to over the counter since it has been shown to be safe. The admin shelved it due to concerns about under developing kids getting it. So the company pushed for through the pharmacist, but no prescription needed (i.e. control of the drug). This time, the admin flat out tabled it and even went so far as to speak about moral objections, but not one word of a scientific argument against it.

    They are currently trying hard to table a vaccine that would prevent cervical cancer for women, but it has to be admin as a child. The gov. is now fighting it as they argue that it would make women more promiscuous (this is the same argument that Reagan used in 1981 to not fund CDC additionally for fighting against the HIV beginning; that religious choice has literally cost America 100's of billions of dollars and 10's of 1000's of lives and will continue to do so until a vaccine is developed). Fortunately, once this admin is gone, it is most likely that the next admin will reverse that choice, and this one will only cost America a few thousand women's lives and 100's of millions of dollars (a high price, but it is stoppable).

    I do not like Iran, but at least they are open about. They hold an election, and then the freely elected governs in conjunction with islam priest. OTH, America holds an election and if a far right winger gets in, he is beholden to the Christian extremists (bear in mind, that the vast majority of Christians are not extremists and do not desire to have the church control us; just a small minority who are hard core; Focus on the Family, Pat Robertson (1 ton leg lifts or let's murder Chavez), Oral Roberts (god is recalling me), and of course, the moral majority (which are neither)).

    --
    I prefer the "u" in honour as it seems to be missing these days.