1. WAPI Status Dave Halasz, Cisco Systems Dennis Eaton, GlobeSpanVirata
doc.: IEEE /XXX
Nov. 2002
November 2003
WAPI Status Dave Halasz, Cisco Systems Dennis Eaton, GlobeSpanVirata
November 11, 2003
David Halasz, Cisco Systems, Inc.
David Halasz, Cisco

2. doc.: IEEE /XXX
Nov. 2002
November 2003
WAPI Background
On May 12, China issued two WLAN security standards which will become compulsory on Dec 1, 2003: GB and GB The information security portion of these standards specifies the Wireless LAN Authentication and Privacy Infrastructure (WAPI) which appears to differ significantly and is incompatible with WPA and i. Many details required for implementation of the standard are not fully defined, including encryption, authentication, protocol interfaces and cryptographic module APIs.
David Halasz, Cisco Systems, Inc.
David Halasz, Cisco

3. Wi-Fi Alliance activity
November 2003
Wi-Fi Alliance activity
On October 24, the Wi-Fi Alliance, in conjunction with USITO, organized a delegation of i experts from Wi-Fi member companies to meet with the Broadband Wireless IP Standard Group (BWIPS, “The working group”), the group responsible for the creation of the Chinese national WLAN standards, including WAPI. Other important groups which were also present at this meeting included the Standards Administration Committee (SAC) and the Office of the State Commercial Cryptography Administration (OSCCA).
David Halasz, Cisco Systems, Inc.

4. Objectives of the meeting
November 2003
Objectives of the meeting
To obtain greater disclosure from the working group on the details of WAPI.
To share public technical details of the i security standard currently in development by the IEEE working group.
To share our concerns with the December 1st compulsory date for WAPI implementation and to ask for a delay in the implementation of this standard or as a minimum obtain a greater understanding of the Chinese Government’s transition plans and enforcement plans for this standard.
To appeal to the Chinese to consider adoption of the i in some form for application in the Chinese market.
David Halasz, Cisco Systems, Inc.

5. November 2003
Outcome of the meeting
The SAC indicated that it was not possible to formally delay the December 1 compulsory date, although they admitted that it would not be possible for them to begin enforcement of the standard on this date. Instead they indicated that there would be a transition period between the compulsory date and when enforcement would begin. They did not have any details on the transition, but suggested that March might be a reasonable timeframe to begin enforcement.
The OSCCA indicated that many of the parameters on the encryption and authentication portions of the standard were in the process of being finalized and that the details would be provided shortly.
Several members of the Chinese delegation reported that the encryption algorithms for WAPI had been fully worked out but said that government agencies were discussing how to provide the algorithms to foreign companies.
SAC indicated that it was interested in gaining a further understanding of the i standard and IEEE standards creation process. This could potentially lead to efforts to harmonize the two standards at some point in time.
David Halasz, Cisco Systems, Inc.