The whole WAPI situation is much more complicated than the secrecy or openness of the SMS4 algorithm. For the view from IEEE 802.11, see http://grouper.ieee.org/groups/802/11/WAPI/wapi-documents.html.
Generally speaking, China seems to like 802.16 (WiMax), which is based on the cell phone model with relatively big expensive central stations providing service, much more than it likes the more distributed 802.11 (Wi-Fi) model. To just touch briefly on the history, it looks to me like WAPI was one of the many academic proposals to fix WEP, in this case at Xian University, but then it got linked up with some local companies and then got huge high level political backing from the Chinese government. It is not particularly that it provides bad security (assuming the security of the basic block cipher, etc.) but that it fits into the standards process like a square peg in a round hole. The first version of WAPI only provided unicast data security. There was no broadcast security at all. It also failed for provide any network management hooks such as MIBs. The Chinese have twice made major revisions to WAPI, partly by cutting and pasting material form 802.11i. But the whole idea of the fast track ballot is that it is for the approval of mature polished standards that have been deployed. Over 125 million chip sets supporting 802.11i were shipped in calendar 2005. As far as anyone can tell, at most a few thousand units supporting some version of WAPI have ever been built. WAPI didn't mandate SMS4 except in China. It says that each country gets to choose the algorithm for use in that country. Since the rest of the world is clearly going with 802.11i/AES, this would greatly increase the complexity of units that could roam in and out of China. WAPI uses a gratuitous new certificate format, rather than X.509v3, and specifies a new authentication method that you have to use which only supports these certificates, while 802.11i just uses 802.1X and EAP so a wide variety of methods, including X.509v3 certificate based, are available. General new authentication methods are out of scope for 802. There is talk of China proposing the WAPI Authentication Method for 802.16, which is further evidence that it should be define elsewhere rather than defined in an amendment to 802.11. I could go on at great length about all this but let me just finish by saying that the people in 802.11 genuinely want to get China inside the 802.11 process so they can contribute to and influence future 802.11 standards. Outside amendments to 802.11 like WAPI are neither backward nor forward compatible. WAPI does not take into account the huge amount of work going on right now in 802.11 (802.11r=Fast Roaming, 802.11s=Mesh Networking, 802.11w=Protected Management Frames, 802.11k=Radio Resources Management, 802.11v=Network Management, etc.) and it is hard in a number of dimensions for the 802.11 process to take into account an outside amendment in its future work. (Timeline of 802.11 work, past and present: http://grouper.ieee.org/groups/802/11/802.11_Timelines.htm). Donald -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of RL 'Bob' Morgan Sent: Tuesday, June 13, 2006 2:49 AM To: David Wagner Cc: cryptography@metzdowd.com Subject: Re: Chinese WAPI protocol? On Mon, 12 Jun 2006, David Wagner wrote: > As far as I can tell, WAPI (the Chinese proposal) uses proprietary > unpublished cryptographic algorithms. The specification is secret and > confidential. It uses the SMS4 block cipher, which is secret and > patented. [*] According to a legal friend who studies this area, it has been common practice for quite a while for the Chinese to require the licensing of Chinese-developed technology in many industrial areas in order for companies to have access to the market. WAPI reportedly led to the highest-level conflict with US companies about this practice. - RL "Bob" --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED] --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]