Chinese WAPI protocol?

[David Wagner]

Richard Salz <rsalz at us.ibm.com> wrote:
>Today in slashdot (http://it.slashdot.org/it/06/06/12/0710232.shtml) there 
>was an article about China wanting to get WAPI accepted as a new wireless 
>security standard.  Has anyone looked at it?

Adam Perez wrote:
>I have not looked at WAPI, but they have been trying to get it approved
>for a number of years, check out <http://en.wikipedia.org/wiki/WAPI>
>(has link to algorithm) and
><http://www.foxnews.com/story/0,2933,199082,00.html>.

As far as I can tell, WAPI (the Chinese proposal) uses proprietary
unpublished cryptographic algorithms.  The specification is secret
and confidential.  It uses the SMS4 block cipher, which is secret and
patented. [*]

I don't think that makes any sense, from a security point of view.
That's what got the 802.11 folks in trouble the last time.  If the
authors of WAPI won't make their spec and their algorithms, there is no
basis for trust in their scheme.  This is no way to design a standard,
and from the outside, it looks like adopting WAPI would be unwise.  It
was a bad idea the last time it was proposed, and it's still a bad idea.

Frankly, it's disappointing that any proposal that involves use of secret
homebrew crypto would be taken even the slightest bit seriously, no matter
what country's government is pushing it.  From a technical point of view,
it sounds like something that should have been rejected with prejudice
long ago.


[*] Contrary to what Adam Perez's email might suggest, Wikipedia does
not have a link to a specification of SMS4 or of WAPI.  Wikipedia has
an entry for SMS4, but about all it says is that not much is publicly
known about SMS4.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com