WAPI Status Dave Halasz, Cisco Systems Dennis Eaton, GlobeSpanVirata doc.: IEEE 802.11-02/XXX Nov. 2002 November 2003 WAPI Status Dave Halasz, Cisco Systems Dennis Eaton, GlobeSpanVirata November 11, 2003 David Halasz, Cisco Systems, Inc. David Halasz, Cisco

doc.: IEEE 802.11-02/XXX Nov. 2002 November 2003 WAPI Background On May 12, China issued two WLAN security standards which will become compulsory on Dec 1, 2003: GB15629.11 and GB15629.1102. The information security portion of these standards specifies the Wireless LAN Authentication and Privacy Infrastructure (WAPI) which appears to differ significantly and is incompatible with WPA and 802.11i. Many details required for implementation of the standard are not fully defined, including encryption, authentication, protocol interfaces and cryptographic module APIs. David Halasz, Cisco Systems, Inc. David Halasz, Cisco

Wi-Fi Alliance activity November 2003 Wi-Fi Alliance activity On October 24, the Wi-Fi Alliance, in conjunction with USITO, organized a delegation of 802.11i experts from Wi-Fi member companies to meet with the Broadband Wireless IP Standard Group (BWIPS, “The working group”), the group responsible for the creation of the Chinese national WLAN standards, including WAPI. Other important groups which were also present at this meeting included the Standards Administration Committee (SAC) and the Office of the State Commercial Cryptography Administration (OSCCA). David Halasz, Cisco Systems, Inc.

Objectives of the meeting November 2003 Objectives of the meeting To obtain greater disclosure from the working group on the details of WAPI. To share public technical details of the 802.11i security standard currently in development by the IEEE 802.11 working group. To share our concerns with the December 1st compulsory date for WAPI implementation and to ask for a delay in the implementation of this standard or as a minimum obtain a greater understanding of the Chinese Government’s transition plans and enforcement plans for this standard. To appeal to the Chinese to consider adoption of the 802.11i in some form for application in the Chinese market. David Halasz, Cisco Systems, Inc.

November 2003 Outcome of the meeting The SAC indicated that it was not possible to formally delay the December 1 compulsory date, although they admitted that it would not be possible for them to begin enforcement of the standard on this date. Instead they indicated that there would be a transition period between the compulsory date and when enforcement would begin. They did not have any details on the transition, but suggested that March might be a reasonable timeframe to begin enforcement. The OSCCA indicated that many of the parameters on the encryption and authentication portions of the standard were in the process of being finalized and that the details would be provided shortly. Several members of the Chinese delegation reported that the encryption algorithms for WAPI had been fully worked out but said that government agencies were discussing how to provide the algorithms to foreign companies. SAC indicated that it was interested in gaining a further understanding of the 802.11i standard and IEEE standards creation process. This could potentially lead to efforts to harmonize the two standards at some point in time. David Halasz, Cisco Systems, Inc.