Follow Slashdot blog updates by subscribing to our blog RSS feed

 


Forgot your password?
Close
typodupeerror
×
Wireless Networking Security Hardware

China Releases Own WLAN Security Standard 248

Posted by timothy from the more-than-nomenclature dept.
Lownewulf writes "This NetworkWorldFusion article describes the release of the GB15629.11-2003 wireless networking standard in China, a wireless standard similar to 802.11, but with better security. The IEEE is worried that this may lead to the need to support two different standards in wireless networking hardware." ziggyboy adds a link to CNET's article, noting that "all wireless devices sold in China are required to comply to this standard from December 1."
This discussion has been archived. No new comments can be posted.

China Releases Own WLAN Security Standard More

China Releases Own WLAN Security Standard

Comments Filter:

  • Tinfoil hat or not? (Score:5, Interesting)

    by grub ( 11606 ) <slashdot@grub.net> on Wednesday December 10, 2003 @11:17AM (#7680571) Homepage Journal

    While WLAN equipment sold in China is required to comply with this standard from Dec. 1, a transition period has been granted that extends the compliance deadline for some WLAN products until June 1, 2004.

    This sounds terribly rushed. How long have they been working on GB15629.11-2003 for (the ..-2003 may be a hint)? How well has it been scrutinized by security people?

    These questions lead me to believe that there are two possibilities here:
    • A: This is a system that the Chinese government built weaknesses into to spy on its people.
    • B: The Chinese government is rushing to get beat the IEEE people to make this an early standard which will make worldwide adoption easier. Now re-read A and drop the "on its people". Tell me if you feel better.
    That all said, you don't need to wait for these committees to finish fighting to harden your wireless LAN. At work we use IPSec over our 802.11[bg] stuff which is all VLAN'd and routed to an outside interface of our Cisco PIX.

    • On Tinfoil hats and then some (Score:5, Insightful)

      by segment ( 695309 ) <sil AT politrix DOT org> on Wednesday December 10, 2003 @11:33AM (#7680750) Homepage Journal
      Tinfoil warrior (need I say more?) [perfidious.org]

      Coincidentally, the majority of members of the WI-FI Alliance [wi-fialliance.org] are American companies, so I would be skeptical to pass this off as nothing more than a `shit China is gonna kill us with their low manufacturing costs' response. If the security is supposedly better as the post states, than why not verify this, and migrate to it. Wouldn't that make more sense than basically stating "you're security is good! but it's not a standard so we don't want it"

      • One thing people keep forgetting (or don't learn) is that encryption standards tend to need many, many years of peer review before they are considered "trustworthy" (and that's if they're written by a well-respected member of the crypto community). Generally, if a popular cryptosystem can survive a decade's worth of scrutiny without any major weaknesses being discovered then it's probably worth investing some confidence.

        If we all had a dime for every time someone came up with a new encryption scheme and
        • So what makes you think that the chinese
          national standard ISN'T a vintage, time-worn
          cryptosystem? Just because a standard was
          issued recently doesn't mean that the material
          being standardized isn't old.

    • Re:Tinfoil hat or not? (Score:5, Insightful)

      by Jason Earl ( 1894 ) on Wednesday December 10, 2003 @11:37AM (#7680793) Homepage Journal

      My guess is that this has to do more with patents than with anything else. China has been consistent in their drive to force the industry towards products that they can manufacture without having to pay patent licensing. Since the Chinese probably don't have much wireless equipment already installed, they don't really care about existing standards based on someone else's patents. They would much rather use their tremendous market power to drive industries towards commoditization.

      In short, the relative security of 802.11[bg] is a red herring. They don't give a crap about that, and they won't change their mind if the security in their standard gets busted tomorrow.

      The Chinese plan is to force current wireless manufacturers to be compatible with the Chinese standard, and then come out with their own chips that implement the Chinese standard. They can then sell these new chips without paying any patent licensing fees and use their inexpensive labor to undercut the foreign products.

      Of course, if it means lower prices for wireless products I am all for it. Heck, I would gladly buy products that only supported the Chinese standard if it worked and was less expensive than the current standards.

      • The only real way to sell components to China without worrying they will just clone it and ditch you is to sell it to them cheap enough to where making it themselves won't be any cheaper, which isn't easy.
      • In short, the relative security of 802.11[bg] is a red herring. They don't give a crap about that, and they won't change their mind if the security in their standard gets busted tomorrow.

        If you are looking for an excuse for a non-tarrif trade barrier China picked a pretty good one here. The IEEE group that designed WEP was originally a closed US only cabal taking its security advice from the US NSA.

        The 'standard' will be required for all WiFi gear sold in China, to gain access you have to have a licen

    • Given the Chinese Govt's regard for their peoples rights and privacy, I'll bet that it has a bigger backdoor than goatxse man.
    • What this sounds like to me is bureaucrats trying to be proactive to make sure that as Wifi gets widely deployed in China, that it starts out with some semblence of security up front, rather than deploying large amounts of non-secure equipment. Whether the WAPI standard is any good or not is a separate question - WEP was horribly broken, and the followon stuff that's trying to enable reuse of WEP components is probably not moving along fast enough for these bureaucrats.

      Whether the bureaucrats involved wil

    • The current standard security scheme in wireless device is weak enough that the Chinese governement has no need to supply a less secure protocol.
    • 1. Chinese company with strong ties to government/ministry officals hacks up a quick-and-dirty security scheme for their own APs.
      2. Government declares this technique to be the Chinese standard, effective immediately.
      3. Profit!

    • Re:Tinfoil hat or not? (Score:5, Interesting)

      by rifter ( 147452 ) on Wednesday December 10, 2003 @11:56AM (#7680995) Homepage

      "While WLAN equipment sold in China is required to comply with this standard from Dec. 1, a transition period has been granted that extends the compliance deadline for some WLAN products until June 1, 2004."

      This sounds terribly rushed. How long have they been working on GB15629.11-2003 for (the ..-2003 may be a hint)? How well has it been scrutinized by security people?

      These questions lead me to believe that there are two possibilities here:

      A: This is a system that the Chinese government built weaknesses into to spy on its people.

      B: The Chinese government is rushing to get beat the IEEE people to make this an early standard which will make worldwide adoption easier. Now re-read A and drop the "on its people". Tell me if you feel better.

      That all said, you don't need to wait for these committees to finish fighting to harden your wireless LAN. At work we use IPSec over our 802.11[bg] stuff which is all VLAN'd and routed to an outside interface of our Cisco PIX.

      Personally, I see this as the beginning of the fulfillment of the warnings security experts have raised over the past 10 years which were ignored despite the thirty foot tall letters of fire that said "ignore this at your peril." US Companies and Governments have taken a consistently anti-security stance, fighting the addition and development of more secure products, fighting security research, fighting the exposure of insecure products, etc etc.

      Work on cryptography and encryption has to be done outside the US because of shortsighted laws and the aforementioned atmosphere. The crappiness of US wireless technology has been pointed out again and again only to be met with "STFU you terrorist! Do you want to destabilize our economy even more?" Now China is coming out with a better standard and US companies are scared to death people will switch since they refused to develop a decent one.

      I am not saying the Chinese method will be the best, either. On the contrary I think that it will be the beginning of a trend of better, more secure products being made in countries other than the US where innovation can actually occur without running afoul of our brain-dead IP and antisecurity laws. China not being a hotbed of innovation normally only suggests that we have much much worse to fear from countries which have a more individualistic culture.

    • Re:Tinfoil hat or not? (Score:5, Interesting)

      by ucsckevin ( 176383 ) on Wednesday December 10, 2003 @11:59AM (#7681026) Homepage
      This could be a part of the golden shield project.
      For the past few years, China has placed top priority on the development of its golden shield project, which with the help of American companies like Cisco and Canadian companies like lucent, is the most ambitious surveillance project in history. It essentially allows public security (gong'an ju) unprecendented access to citizen's data, both government (i.e. danwei information) and private (email, telephone conversations, text messages, etc.). They want to make sure its citizens aren't discussing democracy, praticing falun gong, or any other unauthorized religion like roman catholicism (or any church that doesn't have a "patriotic" association with the government, or having an unauthorized birth.
      I'm laughing at myself cuz I know I sound slightly paranoid, but it's true.
      More info on golden shield (these three links are the same report, i'm posting three links as a hedge against any slashdot effect)here [ichrdd.ca] here [totse.com] and here [openflows.org]
      *** If you're really interested in this subject, check out Ethan Gutmann's upcoming book losing the new china [amazon.com] his insight and understanding will really blow your mind.
      • Never attribute to malice what can be adequately
        explained as stupidity.

        What this is, is someone's cousin got a fab,
        so the principal called his brother-in-law
        on the central committee, and got him to
        push a rule through some puppet engineering
        group that guarantees that said cousin will be
        first-mover in a multi-billion-yuan market.

    • If the Chinese want to spy on their people, all they need to do is to encourage use of existing 802.11{a,b,g} equipment with WEP encryption, since it is trivial to sniff.

      As others have said, the Chinese are sick of paying patent licensing fees to the West. They already build almost everything, and if they keep the patent fees too, they get to keep all the money. So that means that they will want to design their own standards.

      • Hint: NOBODY pays patent royalties out of
        China unless they are selling products for
        export. This is a domestic market rule
        designed to give insiders a big fat monopoly
        window to entrench themselves as the market
        leader.

  • New Standard (Score:5, Insightful)

    by SilentSage ( 656382 ) * on Wednesday December 10, 2003 @11:17AM (#7680581)
    I disagree with the assertion of the poster that the Chineese standard has better security. For starters it does not use AES (the new advanced encryption standard) and the article does not specify what (if any) encryption protocol the Chineese standard uses. What this seems to me to be is an attempt to give the Chineese government a larger voice in the implementation of new networking standards. If hardware vendors and the IEEE roll over on this one the next thing you will see out of China (and other like minded countries who will follow suit) are the emergence of protocols which make it easier to censor and control content on the web. The market pressure to comply with this standard will be huge however. Given the size and growth of the Chineese market the financial rewards for early adopters will be great not to mention the potential to establish a major vendor footprint in an emerging market.

    • Re:New Standard (Score:3, Insightful)

      by landoltjp ( 676315 )
      Although I can understand the concern of having the Chineese government push privacy-eroding standards into networking protocols, how is this any different than the US-backed standards such as the "Fritz chip" (I believe), or key-escrow standards, or the requirement to adopt standards or technology that allow Federal Snooping Bodies to monitor internet traffic from their office Lay-Z-Boys?

      The Chineese aren't the only sharks in the ocean. The US Government doesn't seem to be promoting much better; they j

      • Re:New Standard (Score:3, Insightful)

        by Angostura ( 703910 )
        It isn't *that* different. And look how much support those initiatives you mention garnered. Not...a...lot Luckily the U.S government is still subject to a little democrating oversight, so some of its nuttier ideas can get filtered out.
      • The Chineese aren't the only sharks in the ocean.

        The adjective meaning "from or having to do with China" is spelt Chinese, not Chineese. SilentSage (original poster) got it wrong (consistently) and now this new word is propagating. Posting history would indicate that SilentSage is American and you are Canadian. Sic transit gloria mundi.

    • Oh come on people. Every time China comes up with a technology iniative, we in the west cry foul, as if somehow we have the god-given right to define standards and technologies that all the world must use. Hate to break it to you all, but China has a lot more people than we do, and sometime in the near future we'll be the ones who are trying to make our protocols compatible with theirs, not the other way around. China has some of the most brilliant people in the world. They are really good and inventing

      • Re:New Standard (Score:3, Insightful)

        by aminorex ( 141494 )
        Your comment is the kind of knee-jerk that
        discredits the autonomous nervous system.

        IEEE is not an American standards organization.
        It is an international professional organization
        which promotes engineering standards globally,
        defined by engineers from all over the world,
        including China. IEEE is not ANSI.

        No, somebody's cousin is gonna make billions
        of yuan off of this little rule, and that's
        why they came up with it. Corruption, pure
        and simple.

  • 802.11i? (Score:4, Funny)

    by Dave2 Wickham ( 600202 ) * on Wednesday December 10, 2003 @11:18AM (#7680587) Journal
    I must say I've never heard of 802.11i before; have I missed everybody talking about it, or is it underreported? I don't pretend to be an expert in wireless technology, but I've not seen it mentioned anywhere... Then again, their status page [ieee.org] (quickly looked up, yay Mysterious Future...) uses <blink>, was exported by MS Word, was "cleaned up" by Netscape 4, and has an incorrectly capitalised DOCTYPE, and I'm not sure if I'd trust wireless security to a group with a status page like that :-P (I know, they probably didn't make the page, but it still gives a bad impression).

    • Re:802.11i? (Score:2, Informative)

      by spacecowboy420 ( 450426 )
      OK, why do we always judge what the engineers do by the crapalicous activities of some webmaster/secretary etc....? Granted, you should always put your most professional foot forward, but to doubt an entire project because someone exported from word? The document was probably in word already and this was the easiest way to maintain consistency between their printed materials and the web page.
      Judge the product on the merit of the standard's details, not on your expert html skills.
      • (I know, they probably didn't make the page, but it still gives a bad impression)
        I was mostly joking about not trusting the project based on the HTML, but you do have to admit (and you appear to have done) that it does give a bad impression.
  • They have reasonable fears but prehaps they are more scared as its a better standard

    Rus

  • So now the 800lb gorilla... (Score:5, Funny)

    by akaina ( 472254 ) * on Wednesday December 10, 2003 @11:20AM (#7680602) Journal
    ...a country with one of the worst records of human rights violations now has their own:

    Flavor of linux (RedFlag)
    DVD standards
    wireless encryption
    Video compression (AVS)
    Taikonauts
    Access to windows source code
    Web searching (Chinese Search Alliance)
    CPU architecture (Dragon)

    Is anybody else out there as concerned as I am about this?

    • Re:So now the 800lb gorilla... (Score:5, Insightful)

      by dmp123 ( 547038 ) on Wednesday December 10, 2003 @11:24AM (#7680656)
      No, not at all.

      The US has all of the above (or rather, US *Corporations* do)... I personally think that for this power to be shared among countries is good - too much one way is bad.

      I'm not sure I trust US corporations to 'do the right thing' any more than I trust the Chinese government.

      David
      • That being said, I don't think any US corporations are going to start executing competitors and charge their families for the cost of the bullet.

        They're not supposed to be able to profit or spin off of the freeworld's innovation. What was the UN thinking?

        I thought the whole point of building a government the right way was so that one day you could reap technelogical benefits for the greater good. But now, after we've made the cake, China gets to eat it too. Something is dreadfully wrong when a country lik
        • Corporations, and companies (let's not lend creadence to the myth that only corporations are irresponsible) have had private police forces in the US as late as the 1920s. These private police forces had the ability to arrest and jail people, just like the US government.

          Oh, for those trolls who might want to respond, "Yeah, but that was a hundred years ago..." might do well to read this link [mindfully.org]. Here's a short excerpt;

          For the first time, an American judge has ordered a U.S. corporation to stand trial for a

        • > That being said, I don't think any US corporations are going to start executing competitors and charge their families for the cost of the bullet.

          You were saying? [slashdot.org]

          Oh, wait. You're right. In China, they charge you for the bullet. That'd never happen here. As you can see, in America, the bullets are supplied as an integral part of the complete RIAA package. :)

        • American multi-national corporations have to go to developing nations to get away with that. Check out the movie "Missing" if you want to see the dark underbelly of the American dream.
      • I'm not sure I trust US corporations to 'do the right thing' any more than I trust the Chinese government.

        Well, then you're not very smart. Show me a US corporation that runs over students with tanks, kills millions of inconvenient surplus citizens with manufactured famines, exersizes draconian population control, and has nuclear weapons. Oh, but China hasn't tried to stop us from downloading free MP3's or playing DVDs on our Linux boxes, so I guess it all balances out.

    • no (Score:2)

      by twitter ( 104583 )
      I'm more concerned about the way they use their tools then the quality of the tools themselves. It's great that they have developed operating systems, chips and all. That they use these things to intimidate themselves and their neighbors is not great.

      I'd be happy to have a Cuba style trade embargo in place with China till they have something aproaching free speach and many of the other provisions of the much abused US Bill of Rights. The idea that we will destabilize their governemt by pouring wealth in

      • I'd be happy to have a Cuba style trade embargo in place with China till they have something aproaching free speach and many of the other provisions of the much abused US Bill of Rights.

        China has rather more ecconomic leverage than the US. If China stops buying US bonds (they are the largest government purchaser) the US budget deficit and trade deficit would quickly reach crisis point.

        The US budget deficit will be $500 billion this year. The major causes are the tax cuts and the sharply increased spend

    • China violates human rights, but they are a long way from "one of the worst" these days. Compared to, say, Saudi Arabia, China is a paragon of personal freedom.

    • These technologies help China produce things that people want to buy, which brings in money and improves the standard of living. These technologies also improve the informational infrastructure of the country. Essentially the Chinese government is giving its citizens rope to hang itself with. History shows that an affluent, well-informed citizenry will not tolerate a dictatorship forever.

  • Very secure devices (Score:3, Funny)

    by Rosco P. Coltrane ( 209368 ) on Wednesday December 10, 2003 @11:25AM (#7680659)
    The HTML configuration pages are all in Chinese, and the devices have strict orders to not talk to foreign capitalist pigdogs, under penalty of immediate brutal termination and dismantlement.

  • standards joke (Score:5, Funny)

    by rexguo ( 555504 ) on Wednesday December 10, 2003 @11:25AM (#7680660) Homepage
    "The great thing about standards, is that there are so many to choose from"

  • Get Used to It (Score:5, Insightful)

    by randall_burns ( 108052 ) <randall_burns@@@hotmail...com> on Wednesday December 10, 2003 @11:27AM (#7680684)
    China is likely to become the world's largest economy in the not so distant future. The technical community there _will_ want to make their mark on important standards in IT. The real way around this for the United States and the EU is to cultivate technical excellence among their own citizens-something the current corrupt governments and corporate elites are hesitant to do.
    • China is and will continue to be a large economy, but that in itself is meaningless. Will they be a big consumer? Will they buy goods from other countries? Will they have the money and the willingness to do these things? It doesn't look like that will happen, any time soon. China is a producer, not a consumer, and most of the world isn't interested in changing their products so Chinese consumers will buy them, because Europe and America are buying a lot more than China is, and that isn't poised to chan
    • cultivate technical excellence among their own citizens-something the current corrupt governments and corporate elites are hesitant to do.

      (Pssst - hey, buddy: your tinfoil is showing.)

      It seems to me that Western governments are trying their best to improve the technical education of their people. Do you have evidence otherwise?

      It also seems to me that the "corporate elites" have even less influence on the education level of the average citizen than the government does. To the extent that they do

      • (Pssst - hey, buddy: your tinfoil is showing.)

        Namecalling is the technique of the intellectually bankrupt.


        It seems to me that Western governments are trying their best to improve the technical education of their people. Do you have evidence otherwise?

        What I would suggest you want to look at here:

        Enrollment in Science programs prior [nsf.gov] to H-1b/L-1 [h1b.info] expansion and after. I think what you'll see is that the effect of offering large numbers of visas to those in Scientific and technical fields has been to d [keys2it.org]

        • Namecalling is the technique of the intellectually bankrupt.

          Pot, kettle, black.

          Enrollment in Science programs prior to H-1b/L-1 expansion and after.

          Fun with statistics, tactic #1: always assume causation. Just because I come home 90% of weekdays just before sunset doesn't mean I cause the sun to set by doing so. There may be other factors at work.

          Entrance to technical fields is cyclical, following supply and demand and what's trendy. The pressure of immigration on the job market more constant, s

  • B15629.11-2003 is a bit of a mouthfull... (Score:5, Funny)

    by Aardpig ( 622459 ) on Wednesday December 10, 2003 @11:28AM (#7680695)

    ...wouldn't Wi-Chi be better?

  • I saw this in Command & Conquer Generals (Score:5, Funny)

    by Rahga ( 13479 ) on Wednesday December 10, 2003 @11:29AM (#7680698) Journal
    This is why Black Lotus and your hordes of hackers say "I can hack into anything."

    Forget accounting fraud and unethical stock manipulations... The real threat will be obvious when hundreds of men from China gather on the lawn 100 feet away from the Pentagon and pull out their laptops.

  • Security on AP's is a BAD idea (Score:3, Insightful)

    by div_2n ( 525075 ) on Wednesday December 10, 2003 @11:30AM (#7680717)
    I still don't understand why people get so wrapped up on encryption at the AP level. Wired switches and routers don't encrypt data. That is reserved for firewall/vpn devices which makes sense because the overhead associated (beyond security concerns) doesn't make sense to burden your transport mechanism.

    What do people want encrypted? Their credit card numbers? Encryption of sensitive information like CC#'s is (should) be handled by SSL where the data is encrypted BEFORE it leaves the pc. No wireless encryption needed. Their e-mail? If they are sending that sensitive of information, they probably shouldn't use standard e-mail in the first place. They should encrypt a document and then e-mail it or encrypt the e-mail itself.

    I am still yet to find a situation where encrypted wireless signals make sense for home or even business situations. If it is a business that is in need of securing their communications, they should use VPN's anyway.

    I think it makes more sense for an additional independent circuitry to be installed on AP's that does VPN's and build into wireless cards a VPN client or include VPN software. Hell, even make an externally pluggable device that attaches to an AP so that it can be upgraded as future VPN's get stronger in encryption.

    Leave AP's to do what the do best--serve wireless clients.
    • One easy example - you use a file server and reguarly transfer files over to it, which cannot be encrypted as they need to be accessed over an apache server firewalled internally. These files are then 'caught' as theyre sent from your machine to the file server.

      Another example... you're using software which reguarly communicates between machines with data (i.e. a database software) but hasn't got the idea of encrypting the sent data build in and your company relies on said program. Therefore, you ge tit to
      • There. Good enough?

        No.

        you use a file server

        There is no reason a file server can't have a VPN and use that as it's gateway. Any connecting clients (and the Apache server for that matter) can all communitcate over the VPN.

        software which reguarly communicates between machines

        Again, any and all of these machines can run a VPN client and use their VPN as their gateway.

        Next.
      • The original poster is advocating the use of encryption at the session or transport layers. He's not suggesting that you encrypt your files first, then send them using unencrypted transports, he's suggesting that you encrypt your transports. In other words, use SCP or SFTP instead of FTP, SSH instead of TELNET, HTTPS instead of HTTP, etc.

        Or use VPN, which sets up an encrypted tunnel at the IP layer, which effectively encrypts all of your transport protocols from the perspective of someone outside of your
    • Because the actual mean of encryption also allow you a certain control on who access your AP.
      The security standard is mean to offer equivalent privacy a wire (which is not that private).

      I have no trouble with multiple layer of security. Especially that not every site or e-mail server use encryption (SSL) to access their resources. I may not want absolute privacy when sending some e-mail but I don't want everybody in my neighborhood to be able to read them without efforts.

      • Because the actual mean of encryption also allow you a certain control on who access your AP.

        That is access control and not an encryption issue. Even still, WEP offers no such guarantee.

        Step 1) Sniff wireless packets.
        Step 2) Crack WEP keys while you eat your lunch or take a sip of a beverage depending on the level of WEP used.
        Step 3) Clone MAC address.
        Step 4) Conenct and surf/whatever until you get bored.

        The security standard is mean to offer equivalent privacy a wire (which is not that priv
    • For most homes/businesses, encrypted wireless doesn't make sense. However, there are plenty of reasons to do encryption (or at least some other type of security measures) at the AP level in higher security situations (military/government stuff).

      For instance, suppose you send me an encrypted email that is transmitted over a wireless network at some point in its path. Someone eavesdropping on the wireless almost certainly can't decrypt the message - but they can tell that a message was transferred, and

    • Re:Security on AP's is a BAD idea (Score:5, Insightful)

      by Chanc_Gorkon ( 94133 ) <.moc.liamg. .ta. .nokrog.> on Wednesday December 10, 2003 @11:59AM (#7681020)
      Security at the AP IS needed. First, if there's no security built into the AP, anyone can get on your network. It's like putting a Ethernet jack on your unsecured front porch or even worse....at the mailbox. Sure they may not be able to get to your servers, but they still can steal bandwidth from your applications.

      Second, anything that is broadcast over the air can be picked up and recorded. If it's not encrypted, you run the risk of letting anything you do on your WiFi. They don't even have to connect to your AP....they could just fire up the laptop with the WiFi card in promiscuous mode and scan away. I agree with you that cc numbers and really important things SHOULD be encrypted befor sent, but personally, I really don't want just anyone else knowing what websites I go to even though I do have nothing to hide.

      Lastly, even if you did have some security built into the AP (even if your using something more then WEP), I'd still require a VPN to get to the internal network. As it is, AP's probably don't have the horsepower to do user authentication plus you probably already have LDAP or something else internally for authentication. Plus adding the VPN as a requirement for WiFi users also adds another layer of security.
      • First, if there's no security built into the AP, anyone can get on your network.

        Not if your wireless network is segmented off by the VPN server.
      • Actually, if you are a cable/DSL/Frame/ATM user, your bandwidth is already overbooked (10-20:1 for a commercial user, up to 200:1 for a home user).

        In this environment, the concept of stealing bandwidth that is already shared outside your control is somewhat meaningless.

        That said, I agree that there should be security in the AP. My reason is that currently law enforcement has inadequate skills to investigate criminal activity originating at a given IP, without implicating the AP owner. As a result, a sec
    • I still don't understand why people get so wrapped up on encryption at the AP level.

      snip..

      Encryption of sensitive information like CC#'s is (should) be handled by SSL

      Well, for one thing because not everything we want to do is over the HTTPS (or similarly encrypted) protocols. For example, I may not want people to track my web surfing habits, even if its only non-SSL sites.

      For another thing, I may not want people to know the hosts I communicate with, even if the payload is encrypted. I don't want them
    • I am still yet to find a situation where encrypted wireless signals make sense for home or even business situations.

      How about in a doctor's office? Don't tell me that wireless is of no use to doctors, that's short sighted. Wirelessly checking your mail with anthing other than a ssh connection on a university campus is a bad idea. Web browsing with passwords might is a bad idea unless you are 100% sure the website in question encrypts identifying information and anything else you might consider sensitive

    • If you think of a hub or switch, you control who gets plugged into it and can therefore talk to other machines on the network. With standard wireless and even the WEPs, you don't realistically have that control, it's trivially simply to bypass and gain Wired Equivalency.

    • I am still yet to find a situation where encrypted wireless signals make sense for home or even business situations.
      If that is the case, then why do so many people post as ACs to slashdot? Some people sometimes dont want what they say traced back to them.
    • We all know how paranoid the Chinese government is about information which doesn't match their view of the world. If access points start becoming common and there is no encryption (more importantly, no authentication), then people will be able to walk up to a misconfigured AP and upload whatever content they want without fear of being traced. Possibly they want to avoid this, requiring the AP owner to be liable? Of course, they could just arrest the AP owner now and have everything shut down. That would wor
    • I'm curious to know how often some other RF hops are used for typical network traffic. I hear of some sites with satellite or 802.11-based point-to-point network connections. How secure are those? It's very likely that some amount of Internet traffic you've created has passed over some form of RF link. You cannot guarantee that every hop your data travels over is free from snooping or logging of some kind. Sure, it's easier to do that with 802.11 but it's a bad assumption to say it won't happen without
  • As general-purpose chips get smaller and cooler, there is less and less need to code a particular radio standard into the chips - it becomes possible to support multiple standards (Wifi, BlueTooth, GSM, etc.) Either switching between them, or even in parallel.

  • I applaud this! (Score:3, Interesting)

    by Jacco de Leeuw ( 4646 ) on Wednesday December 10, 2003 @11:31AM (#7680726) Homepage
    Most vendors refuse to release updated drivers with WPA/TKIP support for their 802.11b gear. They knowingly sell broken (read: WEP) hardware that they don't intend to fix. They rather want you to buy 802.11g gear for WPA support!

    You know what, I'm fed up with this. Might just as well buy this Chinese gear then... (And run IPsec over it).

  • IEEE (Score:3, Insightful)

    by vchoy ( 134429 ) on Wednesday December 10, 2003 @11:34AM (#7680755)
    The IEEE is worried that this may lead to the need to support two different standards in wireless networking hardware.

    MHO: I do not think the IEEE has anything to worry about. For all I care, any Government can release their own home grown networking stack/protocol standard in regards to IEEE's 802.3 ...or any other 'standards' for that matter.

    Will people accept this new standard? Who will manufactures trust: One Government/Country, or a respected body encompassing more than 380,000 individual members in 150 countries..promoting consensus-based standards?

    As a consumer, which would you choose/trust?

    • One Government/Country, or a respected body encompassing more than 380,000 individual members

      Well, according to the BBC [bbc.co.uk], there are currently 1,260,000,000 people in China. Last I checked, that's a much larger market that the 380,000 members of the IEEE, and comperable, if not more than, the markets of all those 150 countries combined.

      If the Chinese get pretty serious about rolling out computing equipment to their people (and stuff like this new standard suggests that they will), the more than a billi
      • It really doesn't matter how many people they have if those people can't afford what's for sale. For China to have something resembling a Western standard of living, they'll be required to increase the size of their economy about sixfold. That's a fairly tall order, one that won't come about overnight, and one that probably won't come about at all until they finally figure out that Western-style open political systems are part and parcel of Western standards of living.

      • Re:IEEE (Score:3, Insightful)

        by slick_rick ( 193080 ) *
        It is surprisingly hard to find any census data on China (probably for obvious reasons). The data [paulnoll.com] I could find is from over a decade ago. At that time (1986) over 60% of the population fell into the "peasant" category. Even if that number is only 50% now, that is still 600 million peasants who certainly aren't really in the market for wireless access points. Even a majority of those who are "non-peasants" probably aren't doing well enough to squander money on a WAP considering GDP per capita was only $467 [doe.gov]

    • It is not a choice (Score:2, Interesting)

      by MacFury ( 659201 )
      It is not a choice. To sell WiFi in China, you must use their standard.

      This poses a couple of issues for international companies. Why spend development money on both a US and China standard? The US does not mandate that you have to use 802.11b, so why not ditch it and go with the Chinese standard, cutting development and support costs in half?

      I work in retail. Trust me, consumers really don't care. Hell, half the time they don't even care if what they buy works, so long as they like what it looks l

  • IEEE worried? (Score:5, Insightful)

    by seekr_hidr ( 588453 ) on Wednesday December 10, 2003 @11:34AM (#7680761)
    Stop bashing China people... How many times have some American company came out with their own standard that's different from IEEE's? TOO MANY TIMES! A new standard from China is just another drop of water in an ocean full of non compatible standards......
    • Perhaps. But how many of these US commercial "standards" have the full measure and effect of a *government mandate* for adoption? Oh, that's right - none do. And with 1.3 billion potential (read: mandated) adopters, that's a wee bit more than just a "drop in the bucket."

      Dom

  • Wireless Standards horse (Score:5, Insightful)

    by Oriumpor ( 446718 ) on Wednesday December 10, 2003 @11:36AM (#7680782) Homepage Journal
    Has been dead a long time, so stop beating it. 802.11b is not a standard, Linksys has their own proprietary 22mb scheme. 802.11g uhh Dlink/Linksys etc all have their "own" 72+ mb g network products. Even the standards have been bastardized with (I'm guessing) compression layers. WEP is horrible, there are ways to get around it (that require nearly as much bitspace overhead per/packet) ssh, openvpn, winblows vpn, ipsec etc etc.

    So what if china wants their own wireless standard, there are so damn many already, one more quasi-secure wireless network isn't going to be revolutionary.

  • This is the way the game is played (Score:5, Insightful)

    by Quixote ( 154172 ) on Wednesday December 10, 2003 @11:43AM (#7680861) Homepage Journal
    Countries use standards to benefit their own companies, and put hurdles in the path of outsiders. With the WTO and all, standards are one way to put up trade barriers.

    Example: the NTSC, PAL, SECAM, MESECAM, etc standards for broadcast TV. Why do we have so many of them?

    Another example: HDTV (US picked 8-VSB, Japan picked COFDM).

    China has now realised that it is heavy enough (in "Gorilla" terms) that it is beginning to throw its weight around. A recent example was the new DVD format, EVD [latimes.com]

    • Example: the NTSC, PAL, SECAM, MESECAM, etc standards for broadcast TV. Why do we have so many of them?

      Because TV was invented before the computer chip. Back in the dark mists of time you needed a way to get a clock cycle for your video signal. The easiest way to do this was to use the cycles in your AC mains power. In the US that is 60Hz while in Europe 50Hz was used, leading to two different framerate standards (NTSC is not 30 fps because of a hack performed when color was added to the broadcast sig

  • Learning from Microsoft (Score:5, Insightful)

    by simbiotic ( 696472 ) * on Wednesday December 10, 2003 @11:52AM (#7680949) Homepage
    Sounds like the Chinese government are learning from the experts. Take a standard. Modify it a bit. Use your monopoly (whether commercial or state) to make everyone use your version. The US justice system has made it clear it is okay to behave this way so why shouldn't the rest of the world?
    • I think you're on to something there. By creating their own wireless standard, they have created a brand new market for their domestic hardware manufacturers. Foreign companies must license the technology from one of the designated Chinese companies to produce compliant products for China. There's not a whole lot foreign companies can do, except complain to their governments about a possible WTO case, or play along.

  • IEEE Worried? (Score:4, Interesting)

    by Czernobog ( 588687 ) on Wednesday December 10, 2003 @12:03PM (#7681054) Journal
    Why should I or the Chinese or anyone else care?
    Since when did the IEEE become the ultimate authority on standards? It's a USA institution remember. Other countries have their own institutions for this..
    And it's not as if the IEEE is the most unbiased institution of them all. Corporate money decides what's a standard more often than not nowadays...

    As far as the issue of standards themeselves. Since when do we have to always follow standards, especially others'? If something works better for more people, then bring it on. Progress occurs when breaking with tradition/standards and there is merit to the new system/whatever. Not by blindly following the old standards.

  • that concern is unjustified (Score:3, Insightful)

    by penguin7of9 ( 697383 ) on Wednesday December 10, 2003 @12:16PM (#7681191)
    The IEEE is worried that this may lead to the need to support two different standards in wireless networking hardware."

    That concern is entirely unjustified: 802.11 currently doesn't have any meaningful security. So, there won't be "two different standards", there will be just one: the Chinese one. Let's hope it catches on.

    The IEEE should bow its head in shame--802.11's WEP was a complete fiasco and an embarrassment to engineering profession.
  • Where does this leave WPA security then? My Airport Extreme base station just let me start using it and I feel more secure already!

  • Maybe China doesn't want people to steal bandwidth (Score:3, Insightful)

    by phoxix ( 161744 ) on Wednesday December 10, 2003 @12:55PM (#7681570)
    Think about it

    In the USA, having bucket loads of bandwidth is easy and cheap. However I suppose that isn't the case in China.

    Wifi makes it real easy for one to steal another's bandwidth. (Especially with WEP ...). While in the USA this isn't such a big problem (yet), it might be a bigger on in China where bandwidth isn't as cheap nor plentiful.

    While China is a communist gov't that doesn't care for freedom of speeh blah blah blah blah. It does need to look out for its own people. I for one see this only has a preemptive measure against what might be a serious problem in the future (especially for China's high population density).

    Sunny Dubey
  • ...it's because you can't do anything right...even when you behave exactly like a real capitalist. Do you realize how brain-washed some of you are about china? You even live in a sociaty with free press :(
  • How about instead of standardizing on poorly designed closed security standards, why don't we standardize on a DSP/software based pluggable security modules? I mean, heaven forbid we be able to choose our OWN security methodologies! I forgot, we have to have a stranglehold on our customer base, even if it means that security on the internet will continue to be fucked for another decade.

    Now, how nice would it be to use an SSL/SSH type connection to your access point? If that wasn't good enough, code a be

  • Comment removed (Score:3, Interesting)

    by account_deleted ( 4530225 ) on Wednesday December 10, 2003 @01:18PM (#7681841)
    Comment removed based on user account deletion

  • Oh no! (Score:3, Funny)

    by JamieF ( 16832 ) on Wednesday December 10, 2003 @01:51PM (#7682103) Homepage
    Now instead of crappy WEP I'll have to buy devices that have better security and are made in China so they'll be cheaper! DAMN IT!

  • ha ha! (Score:3, Interesting)

    by sir_cello ( 634395 ) on Wednesday December 10, 2003 @03:19PM (#7682929)

    How about this: the LSB is about to formalise its own unix standard based upon Linux at ISO, despite the 90% similarity between LSB and POSIX. Apparently, the LSB folks claim Linux is sufficiently different and many other bogus Microsoft like arguments.

    You think that I am joking ?

Slashdot Top Deals

"The whole problem with the world is that fools and fanatics are always so certain of themselves, but wiser people so full of doubts." -- Bertrand Russell

Close