Chinese WAPI protocol?

Eastlake III Donald-LDE008 Donald.Eastlake at motorola.com
Tue Jun 13 12:08:39 EDT 2006


The whole WAPI situation is much more complicated than the secrecy or
openness of the SMS4 algorithm. For the view from IEEE 802.11, see
http://grouper.ieee.org/groups/802/11/WAPI/wapi-documents.html.

Generally speaking, China seems to like 802.16 (WiMax), which is based
on the cell phone model with relatively big expensive central stations
providing service, much more than it likes the more distributed 802.11
(Wi-Fi) model.

To just touch briefly on the history, it looks to me like WAPI was one
of the many academic proposals to fix WEP, in this case at Xian
University, but then it got linked up with some local companies and then
got huge high level political backing from the Chinese government. It is
not particularly that it provides bad security (assuming the security of
the basic block cipher, etc.) but that it fits into the standards
process like a square peg in a round hole. The first version of WAPI
only provided unicast data security. There was no broadcast security at
all. It also failed to provide any network management hooks such as
MIBs. The Chinese have twice made major revisions to WAPI, partly by
cutting and pasting material from 802.11i. But the whole idea of the
fast track ballot is that it is for the approval of mature polished
standards that have been deployed. Over 125 million chip sets supporting
802.11i were shipped in calendar 2005. As far as anyone can tell, at
most a few thousand units supporting some version of WAPI have ever been
built.

WAPI didn't mandate SMS4 except in China. It says that each country gets
to choose the algorithm for use in that country. Since the rest of the
world is clearly going with 802.11i/AES, this would greatly increase the
complexity of units that could roam in and out of China.

WAPI uses a gratuitous new certificate format, rather than X.509v3, and
specifies a new authentication method that you have to use which only
supports these certificates, while 802.11i just uses 802.1X and EAP so a
wide variety of methods, including X.509v3 certificate based, are
available. General new authentication methods are out of scope for 802.
There is talk of China proposing the WAPI Authentication Method for
802.16, which is further evidence that it should be defined elsewhere
rather than defined in an amendment to 802.11.

I could go on at great length about all this but let me just finish by
saying that the people in 802.11 genuinely want to get China inside the
802.11 process so they can contribute to and influence future 802.11
standards. Outside amendments to 802.11 like WAPI are neither backward
nor forward compatible. WAPI does not take into account the huge amount
of work going on right now in 802.11 (802.11r=Fast Roaming, 802.11s=Mesh
Networking, 802.11w=Protected Management Frames, 802.11k=Radio Resources
Management, 802.11v=Network Management, etc.) and it is hard in a number
of dimensions for the 802.11 process to take into account an outside
amendment in its future work. (Timeline of 802.11 work, past and
present: http://grouper.ieee.org/groups/802/11/802.11_Timelines.htm).

Donald


-----Original Message-----
From: owner-cryptography at metzdowd.com
[mailto:owner-cryptography at metzdowd.com] On Behalf Of RL 'Bob' Morgan
Sent: Tuesday, June 13, 2006 2:49 AM
To: David Wagner
Cc: cryptography at metzdowd.com
Subject: Re: Chinese WAPI protocol?


On Mon, 12 Jun 2006, David Wagner wrote:

> As far as I can tell, WAPI (the Chinese proposal) uses proprietary
> unpublished cryptographic algorithms.  The specification is secret and
> confidential.  It uses the SMS4 block cipher, which is secret and
> patented. [*]

According to a legal friend who studies this area, it has been common
practice for quite a while for the Chinese to require the licensing of
Chinese-developed technology in many industrial areas in order for
companies to have access to the market.  WAPI reportedly led to the
highest-level conflict with US companies about this practice.

  - RL "Bob"


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to
majordomo at metzdowd.com
