China Mandates Closed Security Standard Boingo Wi-Fi Insider for Tuesday, February 3, 2004

[Dave Farber <dave () farber net>]

China Mandates Closed Security Standard
The Wi-Fi Alliance and IEEE were apparently taken by surprise when the 
Chinese government's regulatory arm announced that only devices that 
included WAPI (Wired Authentication and Privacy Infrastructure) would be 
legal to sell in China after Dec. 1, 2003.
That was the first most companies and individuals had heard of WAPI, which 
is a home-grown replacement for the broken WEP (Wired Equivalent Privacy) 
standard that in the rest of the world is being replaced by WPA (Wi-Fi 
Protected Access) and IEEE 802.11i (due to be finished in 2004).
The Chinese apparently didn't want to wait for WPA or 802.11i, and have 
mandated WAPI on new equipment. Existing gear doesn't have to be trashed, 
and companies with contracts to deliver equipment that extended past Dec. 1 
were allowed to continue to deliver it.
Only a handful of Chinese companies are licensed to include WAPI in their 
equipment, which may force non-Chinese vendors to partner to continue to 
sell into a growing market.
What's worse, WAPI is confidential. It hasn't been openly discussed or 
tested, and given the nature of China's monitoring of other forms of 
communication, it's likely that the standard includes a method for 
interception of ostensibly encrypted traffic. 

-------------------------------------
You are subscribed as interesting-people () lists elistx com
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/