Email Delivery

Receive new posts as email.

Email address

Syndicate this site

RSS | Atom

Contact

About This Site
Contact Us
Privacy Policy

Search


November 2010
Sun Mon Tues Wed Thurs Fri Sat
  1 2 3 4 5 6
7 8 9 10 11 12 13
14 15 16 17 18 19 20
21 22 23 24 25 26 27
28 29 30        

Stories by Category

Basics :: Basics
Casting :: Casting Listen In Podcasts Videocasts
Culture :: Culture Hacking
Deals :: Deals
FAQ :: FAQ
Future :: Future
Hardware :: Hardware Adapters Appliances Chips Consumer Electronics Gaming Home Entertainment Music Photography Video Gadgets Mesh Monitoring and Testing PDAs Phones Smartphones
Industry :: Industry Conferences Financial Free Health Legal Research Vendor analysis
International :: International
Media :: Media Locally cached Streaming
Metro-Scale Networks :: Metro-Scale Networks Community Networking Municipal
Network Types :: Network Types Broadband Wireless Cellular 2.5G and 3G 4G Power Line Satellite
News :: News Mainstream Media
Politics :: Politics Regulation Sock Puppets
Schedules :: Schedules
Security :: Security 802.1X
Site Specific :: Site Specific Administrative Detail April Fool's Blogging Book review Cluelessness Guest Commentary History Humor Self-Promotion Unique Wee-Fi Who's Hot Today?
Software :: Software Open Source
Spectrum :: Spectrum 60 GHz
Standards :: Standards 802.11a 802.11ac 802.11ad 802.11e 802.11g 802.11n 802.20 Bluetooth MIMO UWB WiGig WiMAX ZigBee
Transportation and Lodging :: Transportation and Lodging Air Travel Aquatic Commuting Hotels Rails
Unclassified :: Unclassified
Vertical Markets :: Vertical Markets Academia Enterprise WLAN Switches Home Hot Spot Aggregators Hot Spot Advertising Road Warrior Roaming Libraries Location Medical Public Safety Residential Rural SOHO Small-Medium Sized Business Universities Utilities wISP
Voice :: Voice

Archives

November 2010 | October 2010 | September 2010 | August 2010 | July 2010 | June 2010 | May 2010 | April 2010 | March 2010 | February 2010 | January 2010 | December 2009 | November 2009 | October 2009 | September 2009 | August 2009 | July 2009 | June 2009 | May 2009 | April 2009 | March 2009 | February 2009 | January 2009 | December 2008 | November 2008 | October 2008 | September 2008 | August 2008 | July 2008 | June 2008 | May 2008 | April 2008 | March 2008 | February 2008 | January 2008 | December 2007 | November 2007 | October 2007 | September 2007 | August 2007 | July 2007 | June 2007 | May 2007 | April 2007 | March 2007 | February 2007 | January 2007 | December 2006 | November 2006 | October 2006 | September 2006 | August 2006 | July 2006 | June 2006 | May 2006 | April 2006 | March 2006 | February 2006 | January 2006 | December 2005 | November 2005 | October 2005 | September 2005 | August 2005 | July 2005 | June 2005 | May 2005 | April 2005 | March 2005 | February 2005 | January 2005 | December 2004 | November 2004 | October 2004 | September 2004 | August 2004 | July 2004 | June 2004 | May 2004 | April 2004 | March 2004 | February 2004 | January 2004 | December 2003 | November 2003 | October 2003 | September 2003 | August 2003 | July 2003 | June 2003 | May 2003 | April 2003 | March 2003 | February 2003 | January 2003 | December 2002 | November 2002 | October 2002 | September 2002 | August 2002 | July 2002 | June 2002 | May 2002 | April 2002 | March 2002 | February 2002 | January 2002 | December 2001 | November 2001 | October 2001 | September 2001 | August 2001 | July 2001 | June 2001 | May 2001 | April 2001 |

Recent Entries

In-Flight Wi-Fi and In-Flight Bombs
Can WPA Protect against Firesheep on Same Network?
Southwest Sets In-Flight Wi-Fi at $5
Eye-Fi Adds a View for Web Access
Firesheep Makes Sidejacking Easy
Wi-Fi Direct Certification Starts
Decaf on the Starbucks Digital Network
Google Did Snag Passwords
WiMax and LTE Not Technically 4G by ITU Standards
AT&T Wi-Fi Connections Keep High Growth with Free Service

Site Philosophy

This site operates as an independent editorial operation. Advertising, sponsorships, and other non-editorial materials represent the opinions and messages of their respective origins, and not of the site operator. Part of the FM Tech advertising network.

Copyright

Entire site and all contents except otherwise noted © Copyright 2001-2010 by Glenn Fleishman. Some images ©2006 Jupiterimages Corporation. All rights reserved. Please contact us for reprint rights. Linking is, of course, free and encouraged.

Powered by
Movable Type

« Who's Hot Today? Baltimore Airport (Mary.), Walnut Creek (Calif.), Mesa (Ariz.), Hood River (Ore.) | Main | Free Wi-Fi in Virgin Blue Australian Lounges »

May 29, 2006

China Appeals WAPI Decision

China has reportedly filed an appeal with the ISO standards body over its proprietary wireless LAN encryption algorithm: WAPI (Wired Authentication and Privacy Infrastructure) continues to make waves in international security and standards circles. The Chinese official news agency Xinhua reported today that a domestic industry trade group filed appeals in April and May with the international ISO standards body over ethics issues involved in the fast-track rejection of WAPI alongside IEEE 802.11i.

The Xinhua agency reports that the China Broadband Wireless IP Standard Group (BWIPS)--the recently formed WAPI Industrial Union isn't mentioned here--has collected 49 pieces of evidence proving ethics violations. The 802.11i standard was fast-tracked for consideration of approval; WAPI was rejected, in part, according to reports in March of this year, that China failed to disclosed key portions of the specification, including cryptography.

The group of 22 firms that are involved with WAPI's future were earlier reported to include many with government and military investments and control, which is a typical occurrence in China.

I've written a lot about WAPI; you can find earlier posts here. My ongoing concern, shared by many Wi-Fi industry insiders, is that without WAPI being fully published for examination, there's no way to determine the strength and integrity of the protocol--including whether backdoors are part of the standard. I've been told by some readers this is a paranoid attitude, but I'd suggest that events of the last six months make it clear that China wants to be able to monitor all data traversing its local networks and the Internet.

Update: PC Magazine provides a little more background detail on the dispute which centers on the IEEE recommending its own amendment to the ISO standard to IEEE international members, where the Chinese standards' backers believe the IEEE should have presented its members with an impartial representation of the two amendments.

A University of New Haven School of Business professor with a background in Chinese business operations sides with my take on WAPI. She says in this article, "China's WAPI standard could allow backdoor access to the technology, which is not really allowed. And China has no motivation to prevent backdoor access to the technology so this is one of the tussles. It's very characteristic of Chinese business. China has all kinds of on-the-books and off-the-books trade barriers."

6 Comments

"...events of the last six months make it clear that China wants to be able to monitor all data traversing its local networks and the internet."

So, how is this any different than what the U.S. Government is doing through the NSA with the help of AT&T? It seems clearly evident from news reports and the suit filed in Federal Court by the Electronic Frontier Foundation against AT&T that the U.S. has no problems doing the same thing.

[Editor's note: I'm not defending unconstitutional activities by the U.S. against possibly domestically legal but abhorrent monitoring by China.

Rather, I'm pointing out that the IEEE 802.11i specification can be read and its encryption methods examined. WAPI cannot. It's likely WAPI is kept secret for multiple reasons, but one of them is almost certainly for tapping. 802.11i doesn't include tapping as a feature.

Specific companies could modify 802.11i in their implementation to include tapping, but that is true with all telecommunications equipment in which encrypted sessions terminate within the unit itself.

If an AP handles WPA Enterprise (802.1X with WPA), there's no good way for an AP maker to create an interception as a man in the middle if the certificates for the secure session between a user and a back-end server are handled correctly because that would fail without a valid certificate.--gf]

it's just somebody else business. why would u concern yourself of another country's standard of doing thing in THEIR home? isn't it part of the "freedom" that you always chant about?

[Editor's note: Apparently, you didn't read what I wrote nor the articles I linked to. China is attempting to get WAPI, in its undisclosed form, made into an international standard.

I don't chant much, but I don't believe human rights and freedom are a movable feast. Thus, developing a standard for internal consumption designed to provide another tool of interception for suppression of rights isn't just a matter of "freedom."--gf]

I'm astounded by the ignorance in the two comments below by darin and freedom, and completely agree with the editor's notes.

In particular, darin, the wiretapping done by the US Government is by possibly coercing AT&T (possibly) illegaly to let the NSA look at the data travelling on the AT&T network. On the other hand, China is trying to get a not fully open architecture an international standard recognition. This, my friend, means that one day, there may be international citizens using the closed technology; a technology which possibly has backdoors which the Chinese government most likely has in the closed part of the standard.

Keeping a technology closed and proprietary never helps it's adoption as a standard. If you find yourself siding with China in the article above, replace 'China' with 'Microsoft' and see if your feelings change. As far as the US/AT&T conspiracy goes, if one person gets away with murder, does that mean everyone else should get away with murder too?

Having read one of the Chinese complaints, it's a fascinating example of cultural differences. The main thrust of China's ethical complaints is that technical experts who were not members of the committee expressed their opinions on the subject, and hence did not show the right amount of "respect" to committee members.

It's easy to see why this would be shocking to a country with a one-party system, and no real freedom of speech. I think most of us (and most of ISO) would just view it as healthy debate.

Its obious that the Chinese government has backdoors implanted in their software. Why do you think they are not releasing the source. Not beacuse they are are paranoid that people will steal it but because it has so many doors in it that its screaming to get caught. Dont you realize that China is COMMUNIST and that they have been controlling their internet for YEARS. They censor what they don't approve of and now they are going paranoid over security. But China Ive got news for you...nobody cares about invading you guys.. we've got missles not horses with swords.