[IP] China Mandates Closed Security Standard Boingo Wi-Fi Insider for Tuesday, February 3, 2004
China Mandates Closed Security Standard
The Wi-Fi Alliance and IEEE were apparently taken by surprise when the
Chinese government's regulatory arm announced that only devices that
included WAPI (Wired Authentication and Privacy Infrastructure) would be
legal to sell in China after Dec. 1, 2003.
That was the first most companies and individuals had heard of WAPI, which
is a home-grown replacement for the broken WEP (Wired Equivalent Privacy)
standard that in the rest of the world is being replaced by WPA (Wi-Fi
Protected Access) and IEEE 802.11i (due to be finished in 2004).
The Chinese apparently didn't want to wait for WPA or 802.11i, and have
mandated WAPI on new equipment. Existing gear doesn't have to be trashed,
and companies with contracts to deliver equipment that extended past Dec. 1
were allowed to continue to deliver it.
Only a handful of Chinese companies are licensed to include WAPI in their
equipment, which may force non-Chinese vendors to partner to continue to
sell into a growing market.
What's worse, WAPI is confidential. It hasn't been openly discussed or
tested, and given the nature of China's monitoring of other forms of
communication, it's likely that the standard includes a method for
interception of ostensibly encrypted traffic.
-------------------------------------
You are subscribed as roessler@xxxxxxxxxxxxxxxxxx
To manage your subscription, go to
http://v2.listbox.com/member/?listname=ip
Archives at: http://www.interesting-people.org/archives/interesting-people/