Forgot your password?
typodupeerror

China Frustrated In Encryption Talks 252

Posted by Zonk
from the can't-always-get-what-we-want dept.
mikesd81 writes "According to an AP article, the Chinese are pushing for the encryption standard called WAPI. It's not going so well, as the majority of countries are taking the IEEE standard 802.11i. From the article: 'An international dispute over a wireless computing standard took a bitter turn this past week with the Chinese delegation walking out of a global meeting to discuss the technology. The delegation's walkout from Wednesday's opening of a two-day meeting in the Czech Republic escalated an already rancorous struggle by China to gain international acceptance for its homegrown encryption technology known as WAPI. It follows Chinese accusations that a U.S.-based standards body used underhanded tactics to prevent global approval of WAPI.'"
This discussion has been archived. No new comments can be posted.

China Frustrated In Encryption Talks

Comments Filter:
  • by damburger (981828) on Monday June 12, 2006 @06:53AM (#15515879)
    Isn't it possible the Chinese could be pushing an encryption standard because they know a flaw in it they can exploit?
    • by prefect42 (141309) on Monday June 12, 2006 @06:56AM (#15515884)
      But the US is too lovely and Christian to do the same?
      • by Anonymous Coward on Monday June 12, 2006 @08:39AM (#15516193)
        It's got nothing to do with the US being better than China - the Chinese delegation is trying to portray it as a national issue, but actually it's about open standards. 802.11i is a published, peer-reviewed standard based on published, peer-reviewed encryption algorithms. In fact the driving force behind 802.11i is the flaws that were found in 802.11b by people outside the IEEE [ucl.ac.uk]. If 802.11b had been a closed-book standard like WAPI, those flaws would still have existed but they might never have been made public.
    • by Tom Womack (8005) <tom@womack.net> on Monday June 12, 2006 @06:56AM (#15515887) Homepage
      It is entirely conceivable, made more so by the enormous Chinese reticence to publish the SMS4 encryption algorithm they're using and to open it to international review.

      AES versus a Chinese government-approved algorithm which you can only get a specification for by agreeing to partner with one of eleven Chinese firms is not a difficult decision.
    • by ronanbear (924575) on Monday June 12, 2006 @07:27AM (#15515964)
      Too paranoid is sorta an oxymoron on subjects like these.

      In fairness, the Chinese could have a legitimate reason to want their own encryption standard: they own the IP on it. Down the road there could be quite large licensing costs on 802.11n devices. Since this would be an area where the chinese would have the same cost base (for export) it would have the effect of making chinese router exporters less competitive relatively speaking. They would both be funding their rivals and any cost savings they could make in manufacturing would make up a smaller proportion of the cost of the device.

      The actual effectiveness (or lack thereof) of the encryption might be as irrelevant as it is in many standards conflicts.

      • by DNS-and-BIND (461968) on Monday June 12, 2006 @07:42AM (#15516001) Homepage
        Uh...licensing costs? They just steal it. It's standard operating procedure. Seriously.

        Just this weekend, I was at the local expo at my city here in China (I'm an expat). I open up their little guide magazine that comes with the gift bag and city map. Inside, I find content ripped off directly from my own website (I run the local English-language city guide). It's stuff that I wrote, and the freaking government copied it. Of course, there was no use complaining - what am I going to do, sue?

        • by mrchaotica (681592) * on Monday June 12, 2006 @08:21AM (#15516135)

          They have to legitimately pay for licenses on anything they manufacture and import into the US. The grandparent poster's theory is that they want to give their router manufacturers a competitive advantage, because otherwise they have to pay the same license fee as everyone else and can't undercut the competition as much.

        • Don't be naive: just because the Chinese don't play by the rules domestically says nothing about whether they will expect other people to play by them with regards to their IP.

          I fully expect that if their product was made the standard, and some Western nation started ripping it off without paying the licensing fees, the PRC would throw a full-on diplomatic/economic hissy fit. In exchange for royalties, they would agree to consider, in principle, someday, perhaps soon, to appoint a minister to draft a paper
        • I just want to point out:

          It's not stealing, it's infringing.

          And it may not even be infringing because China is not a member of the Berne convention. They do not have copyright in the way that western countries do. I'm not overly familiar with Chinese laws, so I don't know if what they do is illegal. But I suspect not.

          As an expat in a foreign country, you should be aware that there are foreign laws.
        • by Anonymous Coward
          Put some misteaks in your website just to embarass them.
      • > Too paranoid is sorta an oxymoron on subjects like these.

        Uh..it's not, unless you can somehow demonstrate that "too" and "paranoid" are in some way contradictory.

  • It boils down to... (Score:5, Interesting)

    by QuietLagoon (813062) on Monday June 12, 2006 @06:54AM (#15515880)
    ...who can crack whose encryption.

    The Chinese want their encryption to be the standard so that they can use their backdoor.

    The US wants its encryption to be the standard so they can use their backdoor.

    • In which case all one has to do to be secure is to encrypt using the Chinese standard, then re-encrypt using the US standard. I can't see the Chinese and the US sharing their backdoors!
    • by bigmouth_strikes (224629) on Monday June 12, 2006 @07:35AM (#15515987) Journal
      There are no "backdoors" in standards, only in implementations.
      • Bzzt! WRONG!

        Encryption standards can have mathematically exploitable weaknesses, either inadvertently or intentionally created. Don't believe me? Look up the kind of encryption used for WEP.

      • It depends. In the case of AES, it's perfectly possible, if not very likely, that the NSA is aware of some weakness the rest of us doesn't know about. It's even possible they had a finger in subtly changing AES to deliberately have this weakness.

        I don't find it particularily likely, but it's perfectly possible. And I'd definitely accept that as a backdoor. The typical definition of backdoor is something like deliberate hole in security, often put in by the designers and/or creators of the product in quest

        • by jdhutchins (559010) on Monday June 12, 2006 @09:44AM (#15516471)
          It's also possible the NSA knew of some weakness, and then subtly changed the algorithm to fix it. The NSA's internal research is possibly many, many years ahead of the rest of the world's research. IIRC, when DES was being developed, the NSA made some changed to it, but didn't say why. Years later, when differential cryptography was invented/discovered, the NSA's changes made perfect sense because it made the algorithm resistant to many of those types of attacks.
          • NSA's internal research is possibly many, many years ahead of the rest of the world's research.

            The general concensus is that the NSA is pretty much on-par with the commercial and academic community. They may be slightly ahead, but they certainly aren't years ahead, as used-to be the case.
        • In the case of AES, it's perfectly possible, if not very likely, that the NSA is aware of some weakness the rest of us doesn't know about. It's even possible they had a finger in subtly changing AES to deliberately have this weakness.

          I actually think that's incredibly unlikely, because AES is approved for use in protecting classified information. The NSA is smart enough to know that if they were to put a backdoor in, someone would eventually discover it, quite possibly someone from an enemy intelligence
          • Unless offcourse the backdoor was mathemathically proven to be only usable by knowing some secret key used while generating the backdoor.

            In other words, it could be that encrypting with AES and one secret key in reality is equivalent to encrypting with two different secret keys, one of which NSA holds.

            I agree this is mindbogglingly unlikely.

      • There are no "backdoors" in standards, only in implementations.

        I think Mr. Goatse would disagree with you.
      • by quarkscat (697644) on Monday June 12, 2006 @09:11AM (#15516322)
        Let's see what the real issues are:

        IEEE / ISO standard == open standard
        Chinese WAPI == closed standard

        The Chinese government requires that any implimentor pay
        licensing costs to China. If you want to embed their WAPI,
        you must incorporate in China with a Chinese entity as the
        majority shareholder. The questions become: "Does Intel
        really want to make the Chinese government their "senior"
        partner in chipset fabs, just to get WAPI embedded?"
        "And considering the potential for Chinese government trojans
        and/or backdoors in their WAPI code, would Intel risk losing
        any /all of their Western government hardware sales by
        adopting WAPI?"

        Leveno quality control, as well as the increased potential for
        trojans / backdoors in their software drivers, has already
        made a negative impact on sales of IBM's former hardware
        company.
        • Ohhh, so the chinese are trying to bully their way into the wireless industry in an incredibly obvious and poorly negotiated way, and when they failed, they went crying excusionism and stomping their feet and pouting.

          See me not give a flying rat's ass.
      • Nonsense.

        If the standard requires the use of a particular series of S-boxes or other operations that are known by the inventor to permit a particularly effective cryptoanalysis, then the standard has a backdoor. It is likely easier to build these into the algorithm than to discover them as a reviewer.

        Additional backdoors could be part of a particular implementation, of course.
    • I would have mod'd my message as funny.
    • The proper solution is to use a multipass encryption. First encrypt using the chinese standard, then re-encrypt using the american one, the beligian one, the iranian one, etc. That way, you'd need to know a backdoor to every encryption scheme used to access the data. Only a minuscle number of quintuple-agents would know all the backdoors, and they can't use this knowledge out of fear of compromising themselves.
    • Um, so include both, that way the Chinese and US governments would have to agree before using both sets of backdoors to get into that info. For minor privacy issues, that should be "good enough". The few things that I could envision the US and Chinese governments agreeing on something, I'd really, really hope that they actually have a backdoor to use though. What's it really matter to slashdot anyway? Don't we use our own set of encryption on top of the built-in encryption? That just makes sense.
  • by LinuxGeek (6139) * <djand@nc.gmail@com> on Monday June 12, 2006 @06:56AM (#15515883)
    From Wikipedia:
    The WAPI standard requires the use of a symmetric encryption algorithm[1], SMS4, which was declassified in January 2006. The standard and its cryptographic implementation remain unpublished.


    So the Chinese are pushing for a standard that no one can currently verify as being secure and then they get angry?
    • ...and, uh, symmetric?

      For quite a few applications, that's enough to deep six SMS4 right there.

      Presuming an area full of sniffers, is there much doubt as to the safer choice between published asymmetric and unpublished symmetric?

      It's nice that people worry so much about them getting into a snit & walking out of a meeting. I mean, it's not like anyone could just go ahead & make decisions without their input, could they?
      • AES is symmetric too (as was DES before it). Although asymmetric is "stronger", it is very slow. So usually you use asymmetric encryption to negotiate a symmetric key for the communication session. This is what SSL does and it's considered secure (in 128 bit symmetric mode).
        • Indeed. And I would argue with the idea that asymmetric ciphers are inherently "stronger". In the end, the strength is in the algorithm used combined with the key size chosen. The two models exist because they fill different roles, not because one is inherently better than the other.
  • by 56ker (566853)
    There are already at least two wireless encryption formats I can think of. I don't see why adding a third is a problem. As China's economy is very much export-driven I can see how they'd be frustrated if the US attempted to thwart them getting their standard adopted as an international one.
    • by LinuxGeek (6139) * <djand@nc.gmail@com> on Monday June 12, 2006 @07:10AM (#15515922)
      See my message above yours. The Standard has not been published after being declassified in January 2006. No published code or theory of operation is available to you, me or 6 billion other people to verify that it is secure or that the spec may be secure but the reference source code may have serious bugs that effect the security. Maybe now you can "...see why adding a third is a problem..." and China knows very well why the standard is being rejected by other intelligent nations right now. It dosen't mean that it can't be a standard in the future, just not right now.

      China also seems to be in love with the idea of the central server verifing the security between the client and AP. Centralized key serving scares me even when the implementation is known to be secure. The key servers in China will be controlled by whom?
      • Yes but I would've thought that from the Chinese perspective the above makes it easier to protect what they probably view as a trade secret. I can understand them being unwilling to accept a standard that isn't properly defined.

        China likes control in a lot of areas - take their censoring of the internet as a example. However the centralized server hopefully would rule out any "piggy in the middle" attacks where an attacker pretends to be the AP in an attempt to fool the client.

        • Are you kidding, or just stupid? The "centralized server" would be a built-in "piggy in the middle!" That's not just unacceptable, it's absurdly so!
          • OK as I'll reword what I wrote in an attempt to explain it better. Without the centralized server an attacker can spoof the access point in order to fool a client. If a key from a centralized server is also required it requires an attacker to both spoof the access point and to get the key from the centralized server (hopefully a more difficult task). Yes the centralized server leads to security concerns (eg the keys from it could be used to decrypt the encrypted traffic). However AFAIK the centralised serve
            • The only secure means of key exchange is outside the system, e.g. in person. I'd prefer typing the key (or passphrase) in manually instead of using a centralized server any day!
  • censorship (Score:4, Interesting)

    by kdougherty (772195) on Monday June 12, 2006 @07:02AM (#15515901)
    I'm not trying to be negative, especially towards China... However, I would never accept a security concept from any government that filters and censors their country's internet. Seems like an oxymoron to me.
    • Re:censorship (Score:2, Insightful)

      by Silver Sloth (770927)
      How about one which monitors it's citizens telephone calls, or insists that it's ISP's hand over surfing details? I don't trust the Chinese either, but they're not the only villains on this stage.
      • Re:censorship (Score:3, Interesting)

        by swb (14022)
        I don't trust the Chinese either, but they're not the only villains on this stage.

        That's kind of like saying because I've played catch with a baseball, I should be judged among the NY Yannkees.

        Even if you add up all the villainy of the U.S. government over the last 55 years -- COINTELPRO, MKULTRA, NSA eavesdropping, and virtually everything the Bush administration has proposed, it still doesn't come close to the Chinese level of villainy.

        Even if Tiananmen Sqaure was the only oppressive, murderous thing the
        • Thank you and well said.

          I think that, particularly here on Slashdot, but also among people of a certain demographic and political orientation in general, we risk sometimes losing sight of the forest for all the trees. That is to say, we're so aware of and infuriated by the relatively minor invasions of our privacy by our government here in the U.S., that we fail to put it in perspective and see that there are many places on this planet where the level of government interference in a private citizen's life i
    • Exactly! A government that dosen't trust it's own people wants the world to trust it to make secure encryption with no published standards and trust that there are no back doors or flaws. And then to trust them to run the Chinese central key servers securely too. If there are serious flaws that they want to take advantage of, then it would seem logical that they would want to make WAPI mandatory (in China at least) too.

      That is asking for a lot of trust from the rest of the world.
    • I was thinking of posting something like this. Something like "I am sure the Chinese spec has monitoring backdoors in it known only to the Chinese govt". I'd say this because I'd be implying that whatever the US is in favor of wouldn't have such drawbacks.

      Except I don't think it's reasonable to think or say such a thing in light of recent events in the US, which is a shame.

  • I trust neither (Score:5, Insightful)

    by Opportunist (166417) on Monday June 12, 2006 @07:18AM (#15515942)
    I trust neither China nor the US to provide me with an encryption standard that protects my privacy. Neither government is known for their fondness of people's privacy.

    If anything, a free and most of all open standard could win my heart. But as long as governments are involved, who have an inherent interest in snooping, I will not rely on their security only and use encryption that is under MY (or at least that of about a billion flaw-seekers worldwide) control.
    • Umm..ok...the ISO/IEEE are not U.S. government. They get one vote like every other member.
    • Mmmmph. Such a standard would be openly published, for anybody to inspect. It would, in fact, be an open standard. That's why we have standards.
      • Re:I trust neither (Score:3, Informative)

        by Kadin2048 (468275)

        Such a standard would be openly published, for anybody to inspect. It would, in fact, be an open standard. That's why we have standards.

        So ... basically ... like 802.11i, the proposed standard by the IEEE, and AES, which is at its core? And not like the Chinese standard?

        You can download the IEEE spec here: http://standards.ieee.org/getieee802/download/802. 11i-2004.pdf [ieee.org]. You're not allowed to modify or distribute it, and the IEEE retains copyright, but you can download, read, inspect, and archive it. That's

    • Re:I trust neither (Score:3, Interesting)

      by kestasjk (933987)
      It's always a possibility that Rijndael was chosen because the NSA noticed a vulnerability in the algorithm which the rest of the cryptanalyst community hasn't found, but it does seem (vanishingly) unlikely.

      I trust Rijndael with my data for now, I've yet to see a good reason not to. Just because the NSA decided to adopt it doesn't make it vulnerable. The NSA adopted Linux too, does that make Linux vulnerable?
      • Yes exactly! The NSA also developed the SHA hashing algorithms, and they are great even though there might be some trouble with SHA-1
      • Re:I trust neither (Score:5, Informative)

        by dpilot (134227) on Monday June 12, 2006 @08:24AM (#15516146) Homepage Journal
        I seem to remember some old stories about the NSA and the DES standard.

        The NSA pushed for a few changes in the standard, without divulging the reasons. Some thought it was to insert a backdoor or vulnerability. Years later, after the outside world developed more crypto expertise, the found that the NSA had actually closed a vulnerability that nobody else even knew about. If the NSA had a backdoor into DES, it was with hardware that could brute-force it.
        • Re:I trust neither (Score:2, Interesting)

          by Pale Dude (619947)
          That is one clever piece of NSA-misinformation. Fairly standard for NSA though. And you bought it.
          • Actually, it makes perfect sense: it in fact makes more sense than the backdoor explanation ever did, or does. The NSA made changes to the algorithm, which obviously made a lot of people suspicious (if they had wanted to backdoor it, why be so obvious about making changes? Why not just plant a compromised algorithm from Day 1 and play dumb?); more suspicious was their lack of information about the changes. In retrospect, they couldn't say anything about the changes because it had to do with a method of cry
          • Re:I trust neither (Score:3, Informative)

            by Surt (22457)
            http://www.schneier.com/blog/archives/2004/10/the_ legacy_of_d.html [schneier.com]

            Of course, this assumes that Bruce Schneier is not an NSA stooge.
      • It's interesting to note that Rijndael was probably the weakest of the AES finalists.

        • Which certainly doesn't say a lot. All five finalists were solid designs. AES was chosen because it was fast to implement inboth software and hardware.
    • Well, at some point you've got to trust someone. How do you know the free and open method wasn't developed by a foreign government, your own government, or anyone else who already knows its weakness and can exploit it? And what better way to get millions of people using your product than to introduce it as a new public standard? Are you going to review the algorithms and mathematical theory behind them, or will you just assume that someone else will? From your "few billion flaw-seekers" statement, I wil
  • by ezh (707373)
    most of these 'standards' come with a lot of strings attached: implementation of certain pieces of technology, support infrastructure, etc. are patented. patents rule this world. wapi must be well-protected by chinese corporations, while its alternative is probably surrounded by a patent mind field that belongs to u.s. companies. it is all about money, as usual.
  • Erm (Score:4, Insightful)

    by Turn-X Alphonse (789240) on Monday June 12, 2006 @07:25AM (#15515959) Journal
    China throws a hissy fit because it's standards not used? How is this new? It's standard practice to storm out if something you don't like happens. It disrupts the meeting and makes you get your way much easier. Every 4 year old kid can tell you this..

    I don't trust China and I don't trust America, but last time I checked "offical" ment jackshit in the tech world. People will use what they deem is best and anything official will either be picked by geeks and become standard or it'll be dead within a few years and replaced by another standard untill geekdom kicks in.
    • by flooey (695860)
      I don't trust China and I don't trust America, but last time I checked "offical" ment jackshit in the tech world.

      The difference is between hardware and software. In software, that's largely true, but in hardware the reverse is often true. Hardware isn't patched or updated frequently (often never), so you need to make sure that your hardware works with the other guy's hardware at the time that they're both made at the factory. There's also a big lead time you need on selling hardware; if the "next big
  • by demongeek (977698) on Monday June 12, 2006 @07:29AM (#15515972)
    i11.208, the white and user-friendly encryption that is so hip only the coolest will use it (or be able to afford it)..

    I jest! I jest! *ducks*
  • So code your own. WEP, WAP WIP WOP WUP fuckee doo, really.

    This IS Slashdot, isn't it? Why is this news? :D
  • Hypocracy (Score:4, Insightful)

    by tomstdenis (446163) <tomstdenisNO@SPAMgmail.com> on Monday June 12, 2006 @07:38AM (#15515997) Homepage
    We're all upset that the Chinese want to introduce their closed-door proprietary standard...

    But please, tell me, how many cryptographers were consulted BEFORE the design of WEP? I know of a few who worked on the implementation AFTER the design [e.g. when they couldn't change things]. WEP and WAP [and WiMAX and ...] are all essentially closed door standards. Even if you're in the SIG you're only one of many. And the many are usually NOT cryptographers so they'll basically vote for whatever turns into the least amount of VB.NET code for their Windows only drivers.

    Like it's so fucking hard to get a shared-secret lossy communication medium secured... AES + CCM + proper rekeying == router that doesn't cost 69.95$ at Fry's but does == a wifi device you can trust.

    Tom
    • You do know of this great protocol called Wi-Fi Protected Access, or WPA, don't you? You refer to something called WAP which I can only assume you mean to be the Wireless Application Protocol that cellphones use. Anyway, WPA is secure. It really is. Use a good password (25+ characters with some numbers and %"#&-characters) and there is not a force in the universe that can crack your password.
    • I think that there is a difference between hypocrisy and not repeating your mistakes.

  • You have to partner with a bloody Chinese company [theregister.co.uk] to build equipment based on it.

    That's fucking ridiculous.

    The standard is unpublished, and will not be published. It checks in security keys with a centralized Chinese government server.

    I cannot imagine a world that would permit this to become an international standard, and if China insists on all equipment manufactured within its borders to have this technology it'll just push electronics manufacturing out of China.

    For a long time, people have predicted that the heavy hand of the Chinese government will one day disrupt the economic boom happening there. I hope to god not; an unstable, economically volatile China sounds like a nightmare to me.
  • by amightywind (691887) on Monday June 12, 2006 @08:19AM (#15516126) Journal

    ...a lot of dirty tricks including deception, misinformation, confusion and reckless charging to lobby against WAPI.

    I think China and North Korea use the same publicist.

  • by mclaincausey (777353) on Monday June 12, 2006 @08:24AM (#15516145) Homepage
    If China wants to be heard in the international community, then they should participate in other global standards, or should have opened up the design and devlopment process of WAPI to either participation or scrutiny. They developed the standard knowing that their was an international effort (NOT American) to come up with the next generation of WLAN encryption, so I have no sympathy for the wasted effort at this stage. If China wants to effectively participate in the global standards game, they should, for instance, start a Common Criteria scheme and become a signatory country. It seems to this casual observer that China often likes to go it alone wrt standards, and when they suddenly start blustering about this international community not subscribing to their arbitrary standard is ridiculous. Why should the IEEE's efforts be thrown out? They lost the vote. They can complain about the vote being rigged or unfair, but a voting system is the closest approximation to a fair way of determining next-gen standards. I hear voting isn't so popular over in China though.
    • Perhaps it is because in the developed world our "ideal" standard is something developed by consensus, whereas in China the "ideal" standard is to do what the government tells you and shut up already? That would lead to two competing styles of negotiation, one where differences are worked out, and another where, in the absence of an ability to simply arrest everyone who disagrees with you and use them for spare parts in your state run organ farms, the only option is to walk out in a huff?

      And yes, it worrie

  • by HangingChad (677530) on Monday June 12, 2006 @08:38AM (#15516191) Homepage
    What if some day the Chinese decided that they're not going to produce devices that don't meet their standards? So far it hasn't been a problem but if the government decided all Chinese factories were going to produce routers with China-Fi encryption, that's what they'd produce.

    And since they own all our manufacturing capacity, there would be little we could do about it. It would take years to tool up enough manufacturing to replace everything we depend on them to produce.

    I guess being dependent on foreign oil wasn't good enough. We had to match that folly by sending our component manufacturing overseas as well.

    • What if some day the Chinese decided that they're not going to produce devices that don't meet their standards? So far it hasn't been a problem but if the government decided all Chinese factories were going to produce routers with China-Fi encryption, that's what they'd produce.

      And since they own all our manufacturing capacity, there would be little we could do about it. It would take years to tool up enough manufacturing to replace everything we depend on them to produce.


      Not really, what are you basing all
    • What if some day the Chinese decided that they're not going to produce devices that don't meet their standards?

      Then world governments dictate that all WAPI-enabled router imports ship with an OpenVPN installer CD, and we all go the sane route of running trusted VPN software over untrusted open Wi-Fi connections.

    • What if some day the Chinese decided that they're not going to produce devices that don't meet their standards?

      Then they'd lose out on the billions upon billions of dollars they're importing from the USA. Factories in Taiwan, S.Korea (and pretty much everywhere else in the world) would be brought back up to speed quickly, and be outputting wireless routers before the first non-standard Chinese routers actually hit the docks. And this is not to mention the fact that pretty much all wireless routers/APs and

  • by k1980pc (942645) on Monday June 12, 2006 @08:41AM (#15516203)
    when Mandarin or Cantonese is equally or more effective :)
  • I suspect lots of companies and people would have liked to stick it to the IEEE and Linksys, and if the Chinese had prepared their position well, negotiated carefully, and put in a good proposal for an open, patent-unencumbered, well-tested, and clean encryption standard, they could have won this debate.

    I don't know what exactly they actually did, but from the strongly negative reactions, I'm concluding that they must have failed on not just one, but several of these points.
    • What they did?

      They proposed a secret standard, with a central key repository (located on Chinese government servers). Implementation of this standard was given to 12 Chinese companies, and developing any devices based on this standard requires partnering with these Chinese manufacturers.

      It isn't patent-encumbered, but that's because its a secret, and patenting it would require releasing the details.

      There isn't any debate to win. Not only is it proprietary versus open, its proprietary and exclusively controlled-and-licensed-and-manufactured by the Chinese government and Chinese state-owned companies.

      Everything about WAPI is wrong.
  • by wkcole (644783) on Monday June 12, 2006 @09:58AM (#15516559)

    EETimes did a fact-rich article [eetimes.com] in March. The first paragraph of the second page is most illuminating. It seems the "startup" that owns the secret encryption mechanism lacks any visible means of support, and it is a "spinoff" of a government body.

    IMHO there is far too much polite gentility and benefit of the doubt shown in the media, and ISO, and WTO and even /. to the thugs who run China. There's no moral or technical equivalency involved here. The Chinese government presented WAPI late accompanied by protectionist threats and has been whining disingenuously about the world mistreating it in the process ever since. WAPI has received over 2 years of special treatment because the rest of the world relies on Chinese de facto slave labor to build its electronic goods. If the ISO process was being run honestly with a legitimate goal of defining a trustworthy secure standard that can be widely implemented in interoperable and competitive ways, WAPI would have been dismissed when first proposed.

  • Dropping the Bomb (Score:3, Insightful)

    by Doc Ruby (173196) on Monday June 12, 2006 @10:08AM (#15516621) Homepage Journal
    Walking out on negotiations might work when you're holding the nukes or the Tibet being discussed at a diplomatic meeting. But walking out on engineering standards meetings for consumer electronics seems more like giving up. Maybe when you're a mafia government that rules by decree with an iron fist, you can't tell the difference.

The biggest mistake you can make is to believe that you are working for someone else.

Working...