Response to ISO/IEC JTC1/SC6 January 5005 doc.: IEEE 802.11-yy/xxxxr0 January 2005 Response to ISO/IEC JTC1/SC6 Date: 2005-01-05 Authors: Notice: This document has been prepared to assist IEEE 802.11. It is offered as a basis for discussion and is not binding on the contributing individual(s) or organization(s). The material in this document is subject to change in form and content after further study. The contributor(s) reserve(s) the right to add, amend or withdraw material contained herein. Release: The contributor grants a free, irrevocable license to the IEEE to incorporate material contained in this contribution, and any modifications thereof, in the creation of an IEEE Standards publication; to copyright in the IEEE’s name any IEEE Standards publication even though it may include portions of this contribution; and at the IEEE’s sole discretion to permit others to reproduce in whole or in part the resulting IEEE Standards publication. The contributor also acknowledges and accepts that this contribution may be made public by IEEE 802.11. Patent Policy and Procedures: The contributor is familiar with the IEEE 802 Patent Policy and Procedures <http:// ieee802.org/guides/bylaws/sb-bylaws.pdf>, including the statement "IEEE standards may include the known use of patent(s), including patent applications, provided the IEEE receives assurance from the patent holder or applicant with respect to patents essential for compliance with both mandatory and optional portions of the standard." Early disclosure to the Working Group of patent information that might be relevant to the standard is essential to reduce the possibility for delays in the development process and increase the likelihood that the draft publication will be approved for publication. Please notify the Chair <stuart.kerry@philips.com> as early as possible, in written or electronic form, if patented technology (or technology under patent application) might be incorporated into a draft standard being developed within the IEEE 802.11 Working Group. If you have questions, contact the IEEE Patent Committee Administrator at <patcom@ieee.org>. Draft Dorothy Stanley, Agere Systems

January 5005 doc.: IEEE 802.11-yy/xxxxr0 January 2005 Abstract This document contains the draft response to JTC1/SC6’s forwarding of the Chinese NB contribution (National Standard of China, GB15629.11) found in 6N12687 to the IEEE 802 (and specifically IEEE 802.11) for information. Draft Dorothy Stanley, Agere Systems

January 2005 Background In the November 2004 Orlando ISO JTC1/SC6 meeting, ISO JTC1/SC6 forwarded the Chinese NB contribution (National Standard of China, GB15629.11) found in 6N12687 to the IEEE 802 (and specifically IEEE 802.11) for information. Preliminary response from IEEE 802.11 was presented in Orlando By Bruce Kramer, Jesse Walker and Al Petrick Subsequent Response from IEEE 802.11 needed Draft

Nov 04 Preliminary Response January 2005 Nov 04 Preliminary Response IEEE fully supports China’s desire to improve WLAN security beyond what was originally provided by Wired Equivalent Privacy (WEP) in 1999 IEEE 802 members recently invested >3 years in the development of 802.11i extensions to dramatically improve security (N7537) WEP was not removed, 802.11i features were added Security development is not complete and continues to evolve within 802.11 Advanced Security study group N7506 and N7537 are not mutually exclusive. Both can reside within 8802-11 as security mechanisms and be invoked when and where needed. Discussion needed on alternative mechanisms and processes Draft

Discussion of Documentation and Technical Options January 5005 doc.: IEEE 802.11-yy/xxxxr0 January 2005 Discussion of Documentation and Technical Options Introduce N7506 as an optional amendment to IEEE 802.11 Identify unique functionality in N7506 and include the functionality in the IEEE 802.11i framework Introduce N7506 a separate IEEE 802.11 document, independent from the IEEE 802.11 standard No changes to IEEE 802.11; N7506 remains a China National Standard Work to have N7506 approved as an ISO standard (not IEEE) Others? Draft Dorothy Stanley, Agere Systems

Introduce N7506 as an optional amendment to IEEE 802.11 January 5005 doc.: IEEE 802.11-yy/xxxxr0 January 2005 Introduce N7506 as an optional amendment to IEEE 802.11 Description: Introduce N7506 as an optional amendment to IEEE 802.11 Considerations: A security analysis is required. There will be a fundamental problem with completing a security analysis if the encryption protocol is not known. The proposed standard is incomplete, as it does not specify (either internally or by reference) an encryption algorithm to use.  Hence interoperation is not possible using this proposed standard. While in IEEE 802.11i, a specific authentication algorithm was not specified, the required EAP methods are publicly defined in the IETF, and interoperation is possible. Performance requirements of many applications dictate that the encryption scheme must be able to be implemented in hardware by each vendor. Draft Dorothy Stanley, Agere Systems

Introduce N7506 as an optional amendment to IEEE 802.11 January 5005 doc.: IEEE 802.11-yy/xxxxr0 January 2005 Introduce N7506 as an optional amendment to IEEE 802.11 Considerations (continued): The WLAN market is demanding that multiple credentials be able to be used for authentication. N7506 provides a single authentication credential, the digital certificate. The IEEE Intellectual property statement would apply; an international standard cannot include state/national secrets The proposed standard does not consider backwards compatibility, and makes many existing implementations non-compliant by removing all description of WEP.  While WEP may have many failings, it is still in widespread use.  The proposed standard does not consider forwards compatibility.  It does not have any apparent method of signalling which encryption mechanism and authentication mechanism are in use, making it much more difficult to enhance in the future, and enabling potential down-grade attacks in the future. Draft Dorothy Stanley, Agere Systems

Introduce N7506 as an optional amendment to IEEE 802.11 January 5005 doc.: IEEE 802.11-yy/xxxxr0 January 2005 Introduce N7506 as an optional amendment to IEEE 802.11 Considerations (continued):  Need to identify incompatibilities with the IEEE 802.11 amendments. Known incompatiblities include IEEE 802.11e QOS re-ordering. The proposed standard appears to incorporate material from an early draft of 802.11i (N7537), but does not incorporate the corrections made to that material during the further work of 802.11 Task Group i. The proposed standard appears to incorporate material from IEEE 802.1X.  IEEE 802.11 Task Group i were careful to maintain the architectural separation between 802.11i and 802.1X so that both standards could be developed separately.  The proposed standard breaks this desirable separation.  Given the errors in copying information from 802.11i, it is also likely that similar errors have been made in copying information from 802.1X.  A Reference to IEEE 802.1X should be added. Draft Dorothy Stanley, Agere Systems

Introduce N7506 as an optional amendment to IEEE 802.11 January 5005 doc.: IEEE 802.11-yy/xxxxr0 January 2005 Introduce N7506 as an optional amendment to IEEE 802.11 Considerations (continued):  IEEE 802.11i provides an extensible security mechanism.  If a national standards body wishes to add new authentication algorithms and encryption algorithms (such as WAPI) they can do so without breaking interoperability with devices built in other jurisdictions.  In contrast, the effect of the proposed standard would be to prevent interoperation between equipment built in different jurisdictions, which would seem perverse for a proposed international standard Draft Dorothy Stanley, Agere Systems

Include Unique functionality within the IEEE 802.11i framework January 5005 doc.: IEEE 802.11-yy/xxxxr0 January 2005 Include Unique functionality within the IEEE 802.11i framework Description: Identify unique functionality in N7506 and include the functionality in the IEEE 802.11i framework Considerations: Unique functionality appears to include The WAI Authentication protocol. This could be implemented via a new EAP method A new cipher. A new cipher suite selector could be introduced. Note that the cipher must be specified. A new hash function for data authentication(?). An alternative hash function could be specified in the 4-Way Handshake and PRF. A new Key Wrap algorithm; The new Key Wrap algorithm could be specified The benefits of the added algorithms must be described A security analysis is needed Draft Dorothy Stanley, Agere Systems

Introduce N7506 as a separate IEEE 802.11 document January 5005 doc.: IEEE 802.11-yy/xxxxr0 January 2005 Introduce N7506 as a separate IEEE 802.11 document Description: Introduce N7506 as a separate IEEE 802.11 document, independent from the IEEE 802.11 standard Considerations: Relationship to IEEE 802.11 standard must be made clear Draft Dorothy Stanley, Agere Systems

No changes to IEEE 802.11 Description: Considerations: January 5005 doc.: IEEE 802.11-yy/xxxxr0 January 2005 No changes to IEEE 802.11 Description: No changes to IEEE 802.11; N7506 remains a China National Standard Considerations: Draft Dorothy Stanley, Agere Systems

Work to have N7506 approved in ISO January 5005 doc.: IEEE 802.11-yy/xxxxr0 January 2005 Work to have N7506 approved in ISO Description: Work to have N7506 approved as an ISO standard (not IEEE) Considerations: Interoperability with IEEE 802.11 is not provided Draft Dorothy Stanley, Agere Systems

January 2005 Possible Next steps IEEE 802.11 invites the China ISO delegates to the May 2005 IEEE 802.11 interim meeting, in Beijing, China for continued discussions Continue discussion on options Discuss questions on the processed and procedures used in IEEE 802.11 Provide an Overview of the active IEEE 802.11 Task Groups, including TGr, Advanced Security SG Draft

IEEE 802.11 Goals Maintain the Integrity of STD IEEE 802.11 January 5005 doc.: IEEE 802.11-yy/xxxxr0 January 2005 IEEE 802.11 Goals Maintain the Integrity of STD IEEE 802.11 Recall IEEE 802.11 is a single document, modified with amendments Ten active Task Groups; many interactions Maintain IEEE 802.11 WG as the Wireless LAN Standards development organization Adhere to IEEE 802 Operating Policies and Procedures Enable Chinese participation in the ongoing IEEE 802.11 process Quality Standards benefit from broad participation Respond to National Regulatory Requirements E.g. IEEE 802.11j Draft Dorothy Stanley, Agere Systems

Reference Material Preliminary Response – November 2004 January 2005 Draft

Nov 04 Preliminary Response January 2005 Nov 04 Preliminary Response IEEE fully supports China’s desire to improve WLAN security beyond what was originally provided by Wired Equivalent Privacy (WEP) in 1999 IEEE 802 members recently invested >3 years in the development of 802.11i extensions to dramatically improve security (N7537) WEP was not removed, 802.11i features were added Security development is not complete and continues to evolve within 802.11 Advanced Security study group N7506 and N7537 are not mutually exclusive. Both can reside within 8802-11 as security mechanisms and be invoked when and where needed. Draft

Nov04 Preliminary Response January 2005 Nov04 Preliminary Response IEEE 802 WG offers its full range of expertise to assist in the development of additional security systems that are both robust and well integrated into the IEEE Std 802.11 environment IEEE 802 WG wishes to ensure broadest worldwide participation of all interested technical experts IEEE 802 WG is very receptive to holding meetings in Asia and has already done so for groups such as 802.16 to better enable Chinese to engage in IEEE 802 standards work IEEE 802.11 is making arrangements for a meeting in Beijing in May 2005 IEEE 802.11 WG will be discussing the details of the Chinese comments (N12732) and a more formal IEEE Liaison Response in San Antonio the week of November 15. Request the email addresses of those who prepared N12732 to continue discussion Liaison responses will be provided to SC6 soon thereafter Draft

Nov 04 Preliminary Response January 2005 Nov 04 Preliminary Response WAPI’s success will require technical review by or collaboration with IEEE 802.11 WG IEEE 802.11 standard process requires: Extensions be forward compatible with all on-going and planned amendments to IEEE Std 802.11 No single amendment can break any other amendment Technical review inevitably leads to changes IEEE 802.11 WG needs ongoing participation by China’s experts, to guarantee it does not break any critical WAPI feature Draft

Nov 04 Preliminary Response January 2005 Nov 04 Preliminary Response Not all meetings can be held in Beijing IEEE 802 WG will continue to issue letters of invitation as requested IEEE 802 WG will investigate methods to expedite issuance of visas All technical documents are available via internet If requested, ISO participants can be added to 802.11reflectors Draft

Nov 04 Preliminary Response January 2005 Nov 04 Preliminary Response The core technical expertise for WLAN currently resides within the membership of IEEE 802.11 WG 6 times per year 500 people from around the world convene for this purpose. email and teleconferences enable development to continue between meetings. SC6 has recognized that this scale of effort cannot be replicated IEEE 802 WG wishes China’s delegates to note that security is not the only topic of development. 15 projects are currently underway to improve and extend the capabilities of WLANs. Most of those will be brought to ISO for incorporation into 8802-11. China is not contributing to those developments. IEEE 802 WG wishes to better understand under what conditions China would consider contributing to and participating in all aspects of WLAN development Draft

January 2005 References Std IEEE 802.11i Draft