Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

China Frustrated In Encryption Talks

Zonk posted more than 8 years ago | from the can't-always-get-what-we-want dept.

252

mikesd81 writes "According to an AP article, the Chinese are pushing for the encryption standard called WAPI. It's not going so well, as the majority of countries are taking the IEEE standard 802.11i. From the article: 'An international dispute over a wireless computing standard took a bitter turn this past week with the Chinese delegation walking out of a global meeting to discuss the technology. The delegation's walkout from Wednesday's opening of a two-day meeting in the Czech Republic escalated an already rancorous struggle by China to gain international acceptance for its homegrown encryption technology known as WAPI. It follows Chinese accusations that a U.S.-based standards body used underhanded tactics to prevent global approval of WAPI.'"

cancel ×

252 comments

Sorry! There are no comments related to the filter you selected.

openssl? (-1, Troll)

sl4shd0rk (755837) | more than 8 years ago | (#15515878)

openssl?

Re:openssl? (-1, Flamebait)

Anonymous Coward | more than 8 years ago | (#15515912)

openssl?

Don't make yourself ridiculous. We are talking about industrial-strength cryptography, not some FOSS-crap that's barely good enough for Linux-distribution-servers and other pointless nonsense.

Re:openssl? (3, Informative)

zootm (850416) | more than 8 years ago | (#15515947)

I'm not any sort of expert, but I believe that OpenSSL is an implementation of an existing standard, whereas the things up for debate here are the next-generation standards to use. Furthermore, these standards are for wireless connections, which isn't something that OpenSSL has anything to do with.

So basically, it's not relevant, I'm afraid.

Re:openssl? (1)

deevnil (966765) | more than 8 years ago | (#15515993)

Everybody wants to use /their/ secret, of course. If it can't have code that all parties can audit.... ? I mean for real. OpenWhatever then, or is it just play-encryption.

Re:openssl? (1)

HRogge (973545) | more than 8 years ago | (#15516268)

It seems you have no idea what makes a good encryption standard today.

The only way to be sure that an encryption schema is good is to publish it so that thousands of scientists can look at it and search for problems. Better try to include the community into the developement process.

Your "security by obscurity" idea almost never worked...

Maybe I'm too paranoid, but... (5, Interesting)

damburger (981828) | more than 8 years ago | (#15515879)

Isn't it possible the Chinese could be pushing an encryption standard because they know a flaw in it they can exploit?

Re:Maybe I'm too paranoid, but... (4, Insightful)

prefect42 (141309) | more than 8 years ago | (#15515884)

But the US is too lovely and Christian to do the same?

Re:Maybe I'm too paranoid, but... (2, Insightful)

damburger (981828) | more than 8 years ago | (#15515896)

Oh, don't get me wrong - I don't trust the US government not to do the exact same thing. I just trust the CCP even less. Either way, I wouldn't entrust my privacy to any standard pushed by a government, as all governments are in the business of espionage. PS Is a random number generator moderating or something?

Re:Maybe I'm too paranoid, but... (0)

Anonymous Coward | more than 8 years ago | (#15516197)

Then, make your own encryption algorithm. Let's see whether it can stand some hacking.

Re:Maybe I'm too paranoid, but... (1, Insightful)

Anonymous Coward | more than 8 years ago | (#15516333)

And I guess that's the problem with you and the rest of the ignorant Americans. You think you know how other countries should be run, but you can't even run your own.

Enjoy the police state.

Re:Maybe I'm too paranoid, but... (-1, Troll)

OYAHHH (322809) | more than 8 years ago | (#15515943)

> But the US is too lovely and Christian to do the same?

Hey,

At least this Christian country, called the USA, which you so obviously despise, doesn't shut Google down for an entire two weeks without explanation.

"Christian"? WTF? (0)

Anonymous Coward | more than 8 years ago | (#15515949)

Since when is the USA a "Christian" country? Have Falwell and his Taliban finally taken over your government completely? Sorry to hear that; it seemed like a reasonably nice place while it lasted.

Re:"Christian"? WTF? (0)

Anonymous Coward | more than 8 years ago | (#15516219)

Yes, at the moment the US is run by the christians. They will burn you out of your house if you are not a christian. I know this second hand.

Re:"Christian"? WTF? (0)

Anonymous Coward | more than 8 years ago | (#15516331)

"God bless America". Norway had a priest as a prime minister, but even he knew bether than speaking about God in his speaches as the prime minister.

Few things make me more angry than a American president using those words when he would like to torture, kill and rape the world.

Re:Maybe I'm too paranoid, but... (-1, Offtopic)

Anonymous Coward | more than 8 years ago | (#15515988)

Shutting down Google, is way bettre than shooting thousands in Iraq

Re:Maybe I'm too paranoid, but... (-1, Offtopic)

Stargoat (658863) | more than 8 years ago | (#15516074)

Shooting thousands in Iraq, a million or so in Indochina, and millions in conquest of the continent still pales in comparison to the glorious achievements of the past fifty years in China.

Re:Maybe I'm too paranoid, but... (-1, Offtopic)

Anonymous Coward | more than 8 years ago | (#15516005)

But you have guantanamo, holding people for 5 years without charge, how Chritian is that??

Re:Maybe I'm too paranoid, but... (0, Flamebait)

michael_george (548380) | more than 8 years ago | (#15516007)

>Hey,
>
>At least this Christian country, called the USA, which you so obviously despise, doesn't shut Google down for an entire two weeks without explanation.

Oh, get off your high horse. So obviously a true Christian country wouldn't use 'rendition' to torture information from prisoners either, now would they?

Re:Maybe I'm too paranoid, but... (-1, Offtopic)

Anonymous Coward | more than 8 years ago | (#15516106)

Oh, get off your high horse. So obviously a true Christian country wouldn't use 'rendition' to torture information from prisoners either, now would they?

Correct. A true Christian country wouldn't torture prisoners. Other than the Vatican I'd think you'd have a hard time finding a "true" Christian country and they certainly have more than enough blood on their hands to last forever.

Re:Maybe I'm too paranoid, but... (0)

Anonymous Coward | more than 8 years ago | (#15516010)

I don't know if you remember, but the US recently voted down Net Neutrality [slashdot.org] . Shutting down Google for a couple of weeks won't be much compared to allowing private companies decide what you can and cannot see...

Re:Maybe I'm too paranoid, but... (4, Informative)

Anonymous Coward | more than 8 years ago | (#15516193)

It's got nothing to do with the US being better than China - the Chinese delegation is trying to portray it as a national issue, but actually it's about open standards. 802.11i is a published, peer-reviewed standard based on published, peer-reviewed encryption algorithms. In fact the driving force behind 802.11i is the flaws that were found in 802.11b by people outside the IEEE [ucl.ac.uk] . If 802.11b had been a closed-book standard like WAPI, those flaws would still have existed but they might never have been made public.

Re:Maybe I'm too paranoid, but... (0, Troll)

ClamIAm (926466) | more than 8 years ago | (#15515886)

Yeah, like all the backdoors the NSA put into SELinux...

Re:Maybe I'm too paranoid, but... (0)

Anonymous Coward | more than 8 years ago | (#15515902)

That sounds serious and, by the way you speak, it seems that they are quite a few. Could you please mention at least one?

Re:Maybe I'm too paranoid, but... (0, Offtopic)

ClamIAm (926466) | more than 8 years ago | (#15515916)

Hello [wikipedia.org] .

Re:Maybe I'm too paranoid, but... (0)

Anonymous Coward | more than 8 years ago | (#15515939)

you should know that sarcasm doesn't pass through forum posts.

Re:Maybe I'm too paranoid, but... (5, Insightful)

Tom Womack (8005) | more than 8 years ago | (#15515887)

It is entirely conceivable, made more so by the enormous Chinese reticence to publish the SMS4 encryption algorithm they're using and to open it to international review.

AES versus a Chinese government-approved algorithm which you can only get a specification for by agreeing to partner with one of eleven Chinese firms is not a difficult decision.

Re:Maybe I'm too paranoid, but... (5, Insightful)

ronanbear (924575) | more than 8 years ago | (#15515964)

Too paranoid is sorta an oxymoron on subjects like these.

In fairness, the Chinese could have a legitimate reason to want their own encryption standard: they own the IP on it. Down the road there could be quite large licensing costs on 802.11n devices. Since this would be an area where the chinese would have the same cost base (for export) it would have the effect of making chinese router exporters less competitive relatively speaking. They would both be funding their rivals and any cost savings they could make in manufacturing would make up a smaller proportion of the cost of the device.

The actual effectiveness (or lack thereof) of the encryption might be as irrelevant as it is in many standards conflicts.

Re:Maybe I'm too paranoid, but... (1)

Nested (981630) | more than 8 years ago | (#15515976)

the Chinese could have a legitimate reason to want their own encryption standard: they own the IP on it.
Honestly, when have the Chinese ever given a shit about IP?

Re:Maybe I'm too paranoid, but... (4, Insightful)

WiJO (975904) | more than 8 years ago | (#15516121)

The Chinese care about IP when it's their IP. They give tacit approval to those who pirate others intellectual property, but they will not stand for anyone taking theirs.

Re:Maybe I'm too paranoid, but... (5, Interesting)

DNS-and-BIND (461968) | more than 8 years ago | (#15516001)

Uh...licensing costs? They just steal it. It's standard operating procedure. Seriously.

Just this weekend, I was at the local expo at my city here in China (I'm an expat). I open up their little guide magazine that comes with the gift bag and city map. Inside, I find content ripped off directly from my own website (I run the local English-language city guide). It's stuff that I wrote, and the freaking government copied it. Of course, there was no use complaining - what am I going to do, sue?

Re:Maybe I'm too paranoid, but... (3, Informative)

mrchaotica (681592) | more than 8 years ago | (#15516135)

They have to legitimately pay for licenses on anything they manufacture and import into the US. The grandparent poster's theory is that they want to give their router manufacturers a competitive advantage, because otherwise they have to pay the same license fee as everyone else and can't undercut the competition as much.

Re:Maybe I'm too paranoid, but... (0)

Anonymous Coward | more than 8 years ago | (#15516063)

Does the standard use characters useable in the Chinese language ?
ASCII for example would be useless.
for example : An encrytption string using an English alphabet could anger them culturally and they see it an 'Not neutral'
  The chinese may want to see characters that can render chinese
 

Re:Maybe I'm too paranoid, but... (0)

Anonymous Coward | more than 8 years ago | (#15516123)

They will probably reject Unicode as well.
The issue may be that it's simply not their design and nothing more .

It boils down to... (4, Interesting)

QuietLagoon (813062) | more than 8 years ago | (#15515880)

...who can crack whose encryption.

The Chinese want their encryption to be the standard so that they can use their backdoor.

The US wants its encryption to be the standard so they can use their backdoor.

Re:It boils down to... (-1)

Trip Ericson (864747) | more than 8 years ago | (#15515889)

Then the obvious solution is to use something neutral, like PengCryption. Made by the most intelligent penguins of Antarctica, this form of encryption has a backdoor only penguins can exploit. FEAR THE PENGCRYPTION!

Re:It boils down to... (1)

DirtyHarry (162125) | more than 8 years ago | (#15515892)

Well, then Id opt an European Encryption.

Re:It boils down to... (2, Insightful)

damburger (981828) | more than 8 years ago | (#15515937)

On what basis are European governments more trustworthy in this regard than the Chinese or US governments?

It is never a good idea to trust technology supplied to you by people with a vested interest in spying on you.

Re:It boils down to... (4, Informative)

klmth (451037) | more than 8 years ago | (#15515961)

The algorithm selected for AES was originally called Rijndael, and was developed by two Belgian cryptographers.

Re:It boils down to... (1, Funny)

Anonymous Coward | more than 8 years ago | (#15515970)

On what basis are European governments more trustworthy in this regard than the Chinese or US governments?

On basically every basis.

Re:It boils down to... (4, Insightful)

ynohoo (234463) | more than 8 years ago | (#15515973)

The level of independence of the member states helps. Since they don't trust each other, they are more likely to come up with an acceptable standard. While there are reasonable levels of co-operation between their respective security services, there is no top level organisation comparable with the NSA or the Chinese equivelent.

Re:It boils down to... (1)

damburger (981828) | more than 8 years ago | (#15515994)

It may seem like the EU member states get on like cats in a sack, but that only tends to go so far as cultural and economic competition. Violating the privacy of European citizens in the collective interests of every EU government.

This might be getting into tinfoil hat territory, but given that it is possible to encrypt your sensitive data before sending it over a network in most cases, would you really want to take a chance?

Re:It boils down to... (1)

powerlord (28156) | more than 8 years ago | (#15516202)

While there are reasonable levels of co-operation between their respective security services, there is no top level organisation comparable with the NSA or the Chinese equivelent.


Thats only what they want you to think. ;)

Re:It boils down to... (2, Funny)

lurvdrum (456070) | more than 8 years ago | (#15515925)

In which case all one has to do to be secure is to encrypt using the Chinese standard, then re-encrypt using the US standard. I can't see the Chinese and the US sharing their backdoors!

Not so fast Sherlock... (5, Insightful)

bigmouth_strikes (224629) | more than 8 years ago | (#15515987)

There are no "backdoors" in standards, only in implementations.

Re:Not so fast Sherlock... (1)

TexasDex (709519) | more than 8 years ago | (#15516168)

Bzzt! WRONG!

Encryption standards can have mathematically exploitable weaknesses, either inadvertently or intentionally created. Don't believe me? Look up the kind of encryption used for WEP.

Re:Not so fast Sherlock... (1)

Eivind (15695) | more than 8 years ago | (#15516235)

It depends. In the case of AES, it's perfectly possible, if not very likely, that the NSA is aware of some weakness the rest of us doesn't know about. It's even possible they had a finger in subtly changing AES to deliberately have this weakness.

I don't find it particularily likely, but it's perfectly possible. And I'd definitely accept that as a backdoor. The typical definition of backdoor is something like deliberate hole in security, often put in by the designers and/or creators of the product in question.

An encryption-standard with a deliberate, undisclosed, weakness would qualify, or atleast I don't see any reason why you'd disqualify it.

Re:Not so fast Sherlock... (1)

dr_dank (472072) | more than 8 years ago | (#15516273)

There are no "backdoors" in standards, only in implementations.

I think Mr. Goatse would disagree with you.

Re:Not so fast Sherlock... (4, Informative)

quarkscat (697644) | more than 8 years ago | (#15516322)

Let's see what the real issues are:

IEEE / ISO standard == open standard
Chinese WAPI == closed standard

The Chinese government requires that any implimentor pay
licensing costs to China. If you want to embed their WAPI,
you must incorporate in China with a Chinese entity as the
majority shareholder. The questions become: "Does Intel
really want to make the Chinese government their "senior"
partner in chipset fabs, just to get WAPI embedded?"
"And considering the potential for Chinese government trojans
and/or backdoors in their WAPI code, would Intel risk losing
any /all of their Western government hardware sales by
adopting WAPI?"

Leveno quality control, as well as the increased potential for
trojans / backdoors in their software drivers, has already
made a negative impact on sales of IBM's former hardware
company.

Re:It boils down to... (0)

Anonymous Coward | more than 8 years ago | (#15515998)

The US wants its encryption to be the standard so they can use their backdoor.

The I in IEEE stands for International. 802.11i is an internationally ratified standard and China is pushing its own unpublished "standard". The chance of there being a deliberate back door in 802.11i is about as high as the chance of that the head of the MPAA will issue a personal apology to the Pirate Bay admins and buy them new servers.

Re:It boils down to... (4, Informative)

hengist (71116) | more than 8 years ago | (#15516147)

The I in IEEE stands for International.

It stands for Institute.

No current implementation? (5, Insightful)

LinuxGeek (6139) | more than 8 years ago | (#15515883)

From Wikipedia:
The WAPI standard requires the use of a symmetric encryption algorithm[1], SMS4, which was declassified in January 2006. The standard and its cryptographic implementation remain unpublished.


So the Chinese are pushing for a standard that no one can currently verify as being secure and then they get angry?

wireless encryption (2, Insightful)

56ker (566853) | more than 8 years ago | (#15515890)

There are already at least two wireless encryption formats I can think of. I don't see why adding a third is a problem. As China's economy is very much export-driven I can see how they'd be frustrated if the US attempted to thwart them getting their standard adopted as an international one.

Re:wireless encryption (4, Insightful)

LinuxGeek (6139) | more than 8 years ago | (#15515922)

See my message above yours. The Standard has not been published after being declassified in January 2006. No published code or theory of operation is available to you, me or 6 billion other people to verify that it is secure or that the spec may be secure but the reference source code may have serious bugs that effect the security. Maybe now you can "...see why adding a third is a problem..." and China knows very well why the standard is being rejected by other intelligent nations right now. It dosen't mean that it can't be a standard in the future, just not right now.

China also seems to be in love with the idea of the central server verifing the security between the client and AP. Centralized key serving scares me even when the implementation is known to be secure. The key servers in China will be controlled by whom?

Re:wireless encryption (1)

56ker (566853) | more than 8 years ago | (#15516039)

Yes but I would've thought that from the Chinese perspective the above makes it easier to protect what they probably view as a trade secret. I can understand them being unwilling to accept a standard that isn't properly defined.

China likes control in a lot of areas - take their censoring of the internet as a example. However the centralized server hopefully would rule out any "piggy in the middle" attacks where an attacker pretends to be the AP in an attempt to fool the client.

Re:wireless encryption (1)

mrchaotica (681592) | more than 8 years ago | (#15516183)

Are you kidding, or just stupid? The "centralized server" would be a built-in "piggy in the middle!" That's not just unacceptable, it's absurdly so!

Re:wireless encryption (-1, Troll)

Anonymous Coward | more than 8 years ago | (#15516272)

What are you, a terrorist or something? What do you have to hide so much? If you did nothing wrong, you have nothing to worry about.

You whiny liberals complaining about Terrorist Surveilance and PATRIOT act are making me sick with your terrorism and traitor-ism. Let me tell you, you don't have any privacy when you are dead!

Why do all liberals hate America so much?

Re:wireless encryption (1)

56ker (566853) | more than 8 years ago | (#15516281)

OK as I'll reword what I wrote in an attempt to explain it better. Without the centralized server an attacker can spoof the access point in order to fool a client. If a key from a centralized server is also required it requires an attacker to both spoof the access point and to get the key from the centralized server (hopefully a more difficult task). Yes the centralized server leads to security concerns (eg the keys from it could be used to decrypt the encrypted traffic). However AFAIK the centralised server would be run by some trusted company (say in a similar way to the SSL certificates being signed) which would require law enforcement to follow a process (eg search warrant) before handing any keys over.

The only downside would be if the traffic was only encrypted with the key from the centralised server. If a combination of the centralized server's key and the access point's key was used it would make it more secure than the current system is (depending on the encryption scheme used).

Re:wireless encryption (1)

mrchaotica (681592) | more than 8 years ago | (#15516315)

The only secure means of key exchange is outside the system, e.g. in person. I'd prefer typing the key (or passphrase) in manually instead of using a centralized server any day!

censorship (5, Interesting)

kdougherty (772195) | more than 8 years ago | (#15515901)

I'm not trying to be negative, especially towards China... However, I would never accept a security concept from any government that filters and censors their country's internet. Seems like an oxymoron to me.

Re:censorship (2, Insightful)

Silver Sloth (770927) | more than 8 years ago | (#15516070)

How about one which monitors it's citizens telephone calls, or insists that it's ISP's hand over surfing details? I don't trust the Chinese either, but they're not the only villains on this stage.

Re:censorship (2, Interesting)

swb (14022) | more than 8 years ago | (#15516276)

I don't trust the Chinese either, but they're not the only villains on this stage.

That's kind of like saying because I've played catch with a baseball, I should be judged among the NY Yannkees.

Even if you add up all the villainy of the U.S. government over the last 55 years -- COINTELPRO, MKULTRA, NSA eavesdropping, and virtually everything the Bush administration has proposed, it still doesn't come close to the Chinese level of villainy.

Even if Tiananmen Sqaure was the only oppressive, murderous thing the Chinese have ever done -- and it isn't -- they would still be in a category of oppression and dictatorship that has only Stalinist Russia and Nazi Germany as peers.

The thing that frustrates me the most about the Bush Administration's "War on Freedom" isn't so much the invasion of privacy or the possible usurption of the constitution (although they are infuriating), it's the global and internal notion that we now have achieved some kind of oppression parity with the Chinese. When I hear this, I know it's just ignorance talking, but it still drives me mad that a level of snooping that's not even in the same league as every day corporate data mining or desktop spyware suddenly has people believing the U.S. government steals pages from Mao's playbook.

Re:censorship (1)

LinuxGeek (6139) | more than 8 years ago | (#15516154)

Exactly! A government that dosen't trust it's own people wants the world to trust it to make secure encryption with no published standards and trust that there are no back doors or flaws. And then to trust them to run the Chinese central key servers securely too. If there are serious flaws that they want to take advantage of, then it would seem logical that they would want to make WAPI mandatory (in China at least) too.

That is asking for a lot of trust from the rest of the world.

Re:censorship (1)

Spliffster (755587) | more than 8 years ago | (#15516297)

However, I would never accept a security concept from any government that filters and censors their country's internet. Seems like an oxymoron to me.
how about one which still has death penalties?

Tagged "stfu" (-1, Offtopic)

Anonymous Coward | more than 8 years ago | (#15515915)

For great justice!

If China Does Not Like It. . . (1)

Apple Acolyte (517892) | more than 8 years ago | (#15515919)

. . . then China does not have to accept the standard for its domestic routers, right? What's the big deal?

Re:If China Does Not Like It. . . (2, Informative)

backwardMechanic (959818) | more than 8 years ago | (#15515957)

Selling stuff. Why restrict yourself to your home market when you can sell to the whole world? You've gotta think big.

I trust neither (4, Insightful)

Opportunist (166417) | more than 8 years ago | (#15515942)

I trust neither China nor the US to provide me with an encryption standard that protects my privacy. Neither government is known for their fondness of people's privacy.

If anything, a free and most of all open standard could win my heart. But as long as governments are involved, who have an inherent interest in snooping, I will not rely on their security only and use encryption that is under MY (or at least that of about a billion flaw-seekers worldwide) control.

Re:I trust neither (1)

Danathar (267989) | more than 8 years ago | (#15515965)

Umm..ok...the ISO/IEEE are not U.S. government. They get one vote like every other member.

Re:I trust neither (1)

NitsujTPU (19263) | more than 8 years ago | (#15516009)

Mmmmph. Such a standard would be openly published, for anybody to inspect. It would, in fact, be an open standard. That's why we have standards.

Re:I trust neither (2, Interesting)

kestasjk (933987) | more than 8 years ago | (#15516033)

It's always a possibility that Rijndael was chosen because the NSA noticed a vulnerability in the algorithm which the rest of the cryptanalyst community hasn't found, but it does seem (vanishingly) unlikely.

I trust Rijndael with my data for now, I've yet to see a good reason not to. Just because the NSA decided to adopt it doesn't make it vulnerable. The NSA adopted Linux too, does that make Linux vulnerable?

Re:I trust neither (1)

gkhan1 (886823) | more than 8 years ago | (#15516042)

Yes exactly! The NSA also developed the SHA hashing algorithms, and they are great even though there might be some trouble with SHA-1

Re:I trust neither (4, Informative)

dpilot (134227) | more than 8 years ago | (#15516146)

I seem to remember some old stories about the NSA and the DES standard.

The NSA pushed for a few changes in the standard, without divulging the reasons. Some thought it was to insert a backdoor or vulnerability. Years later, after the outside world developed more crypto expertise, the found that the NSA had actually closed a vulnerability that nobody else even knew about. If the NSA had a backdoor into DES, it was with hardware that could brute-force it.

Re:I trust neither (1)

Chandon Seldon (43083) | more than 8 years ago | (#15516156)

It's interesting to note that Rijndael was probably the weakest of the AES finalists.

Re:I trust neither (1)

klmth (451037) | more than 8 years ago | (#15516301)

Which certainly doesn't say a lot. All five finalists were solid designs. AES was chosen because it was fast to implement inboth software and hardware.

Re:I trust neither (1)

cygnusx (193092) | more than 8 years ago | (#15516282)

> I will not rely on their security only and use encryption that is under MY control

Actually, if 'they' really wanted to get your secrets and the benefit of doing so outweighed the risks of not following due process, they could and quite easily. Van Eck phreaking, surreptitious keylogger insertions when you aren't home, traffic analysis -- there are plenty of ways to get even encrypted secrets out.

And remember all of these techniques are also available to anyone interested enough in the private sector (organized crime, typically).

it's all about money (2, Insightful)

ezh (707373) | more than 8 years ago | (#15515952)

most of these 'standards' come with a lot of strings attached: implementation of certain pieces of technology, support infrastructure, etc. are patented. patents rule this world. wapi must be well-protected by chinese corporations, while its alternative is probably surrounded by a patent mind field that belongs to u.s. companies. it is all about money, as usual.

Erm (3, Insightful)

Turn-X Alphonse (789240) | more than 8 years ago | (#15515959)

China throws a hissy fit because it's standards not used? How is this new? It's standard practice to storm out if something you don't like happens. It disrupts the meeting and makes you get your way much easier. Every 4 year old kid can tell you this..

I don't trust China and I don't trust America, but last time I checked "offical" ment jackshit in the tech world. People will use what they deem is best and anything official will either be picked by geeks and become standard or it'll be dead within a few years and replaced by another standard untill geekdom kicks in.

Re:Erm (1)

Kosmik (980800) | more than 8 years ago | (#15515982)

Whatever made you think politicans were anything more than big kids with more dangerous toys.

And Apple is pushing... (5, Funny)

demongeek (977698) | more than 8 years ago | (#15515972)

i11.208, the white and user-friendly encryption that is so hip only the coolest will use it (or be able to afford it)..

I jest! I jest! *ducks*

Re:And Apple is pushing... (1)

zolaris (963926) | more than 8 years ago | (#15516119)

But the REAL question is can you encrypt something with only a click-wheel? And in a year will they come out with the i11.208 pico (half the size and 10 times the cipher block size)?

OOooodfjrfhghjg (1)

Konster (252488) | more than 8 years ago | (#15515975)

So code your own. WEP, WAP WIP WOP WUP fuckee doo, really.

This IS Slashdot, isn't it? Why is this news? :D

Winner! (0)

Anonymous Coward | more than 8 years ago | (#15515990)

WAP WIP WOP WUP fuckee doo

Any crypto standard with a name like that gets my vote.

Re:OOooodfjrfhghjg (1)

phillips321 (955784) | more than 8 years ago | (#15516004)

You forgot "WANER with a silent K"

Who represents the US? (-1, Flamebait)

Anonymous Coward | more than 8 years ago | (#15515979)

Underhanded sneaky techniques, vilification, and half-truths used to prevent adoption of a competing standard... does that mean Microsoft is representing the US in these talks?

And then (-1, Flamebait)

Konster (252488) | more than 8 years ago | (#15515983)

How would they pronounce it?

Encliption? No really, this is a very serious question, please don't mod me down. :(

Hypocracy (3, Insightful)

tomstdenis (446163) | more than 8 years ago | (#15515997)

We're all upset that the Chinese want to introduce their closed-door proprietary standard...

But please, tell me, how many cryptographers were consulted BEFORE the design of WEP? I know of a few who worked on the implementation AFTER the design [e.g. when they couldn't change things]. WEP and WAP [and WiMAX and ...] are all essentially closed door standards. Even if you're in the SIG you're only one of many. And the many are usually NOT cryptographers so they'll basically vote for whatever turns into the least amount of VB.NET code for their Windows only drivers.

Like it's so fucking hard to get a shared-secret lossy communication medium secured... AES + CCM + proper rekeying == router that doesn't cost 69.95$ at Fry's but does == a wifi device you can trust.

Tom

Re:Hypocracy (1)

gkhan1 (886823) | more than 8 years ago | (#15516064)

You do know of this great protocol called Wi-Fi Protected Access, or WPA, don't you? You refer to something called WAP which I can only assume you mean to be the Wireless Application Protocol that cellphones use. Anyway, WPA is secure. It really is. Use a good password (25+ characters with some numbers and %"#&-characters) and there is not a force in the universe that can crack your password.

Re:Hypocracy (0)

Anonymous Coward | more than 8 years ago | (#15516083)

Since when is there Vb.Net code in drivers!?

Re:Hypocracy (1)

tomstdenis (446163) | more than 8 years ago | (#15516090)

Only explanation why a printer driver could be more than 10MB in size :-)

Driver writers are usually the lowest of the low in terms of programming ability.

Tom

Re:Hypocracy (2, Informative)

mrchaotica (681592) | more than 8 years ago | (#15516208)

No, the reason why printer drivers (in particular) are so big is that they have to recognize and refuse to print money, and put in tracable watermarks and stuff.

This "standard" is fucking ridiculous (5, Insightful)

WhiteWolf666 (145211) | more than 8 years ago | (#15516003)

You have to partner with a bloody Chinese company [theregister.co.uk] to build equipment based on it.

That's fucking ridiculous.

The standard is unpublished, and will not be published. It checks in security keys with a centralized Chinese government server.

I cannot imagine a world that would permit this to become an international standard, and if China insists on all equipment manufactured within its borders to have this technology it'll just push electronics manufacturing out of China.

For a long time, people have predicted that the heavy hand of the Chinese government will one day disrupt the economic boom happening there. I hope to god not; an unstable, economically volatile China sounds like a nightmare to me.

Sounds a lot like DPRK (4, Funny)

amightywind (691887) | more than 8 years ago | (#15516126)

...a lot of dirty tricks including deception, misinformation, confusion and reckless charging to lobby against WAPI.

I think China and North Korea use the same publicist.

Re:Sounds a lot like DPRK (1)

rehashed (948690) | more than 8 years ago | (#15516269)

And I think that sounds like the spin prior to the war in Iraq.

Poor diplomacy is counterproductive (4, Insightful)

mclaincausey (777353) | more than 8 years ago | (#15516145)

If China wants to be heard in the international community, then they should participate in other global standards, or should have opened up the design and devlopment process of WAPI to either participation or scrutiny. They developed the standard knowing that their was an international effort (NOT American) to come up with the next generation of WLAN encryption, so I have no sympathy for the wasted effort at this stage. If China wants to effectively participate in the global standards game, they should, for instance, start a Common Criteria scheme and become a signatory country. It seems to this casual observer that China often likes to go it alone wrt standards, and when they suddenly start blustering about this international community not subscribing to their arbitrary standard is ridiculous. Why should the IEEE's efforts be thrown out? They lost the vote. They can complain about the vote being rigged or unfair, but a voting system is the closest approximation to a fair way of determining next-gen standards. I hear voting isn't so popular over in China though.

Re:Poor diplomacy is counterproductive (1)

crawling_chaos (23007) | more than 8 years ago | (#15516330)

Perhaps it is because in the developed world our "ideal" standard is something developed by consensus, whereas in China the "ideal" standard is to do what the government tells you and shut up already? That would lead to two competing styles of negotiation, one where differences are worked out, and another where, in the absence of an ability to simply arrest everyone who disagrees with you and use them for spare parts in your state run organ farms, the only option is to walk out in a huff?

And yes, it worries me that the US is sliding more and more toward the Chinese ideal.

Raises interesting question (3, Insightful)

HangingChad (677530) | more than 8 years ago | (#15516191)

What if some day the Chinese decided that they're not going to produce devices that don't meet their standards? So far it hasn't been a problem but if the government decided all Chinese factories were going to produce routers with China-Fi encryption, that's what they'd produce.

And since they own all our manufacturing capacity, there would be little we could do about it. It would take years to tool up enough manufacturing to replace everything we depend on them to produce.

I guess being dependent on foreign oil wasn't good enough. We had to match that folly by sending our component manufacturing overseas as well.

Why do they need a separate encryption standard (3, Funny)

k1980pc (942645) | more than 8 years ago | (#15516203)

when Mandarin or Cantonese is equally or more effective :)

It's actually very simple (1)

rewter (189441) | more than 8 years ago | (#15516216)

It's actually very simple. Here's what they need to do in two simple steps:

1. They should tell all manufacturers of WLAN equipment that are based in China (90% or so of all wlan manufacturers) to implement WAPI (remember, they are in China so they have to do what their government asks them to or they will be down. Oh wait, it's not very much different in USA anyway.).

2. They should tell all manufacturers of WLAN equipment that are based in China to drop support for 802.11i, or whatever else shouldn't be there.

Now, after about a year or so they will have a de facto wireless encryption standard named WAPI. Like it or not, that's the most efficient way to do this.

I guess the Chinese aren't good diplomats (1)

m874t232 (973431) | more than 8 years ago | (#15516318)

I suspect lots of companies and people would have liked to stick it to the IEEE and Linksys, and if the Chinese had prepared their position well, negotiated carefully, and put in a good proposal for an open, patent-unencumbered, well-tested, and clean encryption standard, they could have won this debate.

I don't know what exactly they actually did, but from the strongly negative reactions, I'm concluding that they must have failed on not just one, but several of these points.
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?