Chinese Security Snafu Looms
An inscrutable Chinese wireless LAN security rule recently passed by the Beijing government has at least one analyst accusing Mandarins of enforcing "protectionist" policies aimed at shoring up market share for domestic vendors.
"It's protectionist!" huffs and puffs Craig Mathias [ed. note: told you], a principal at the Farpoint Group, an analyst outfit.
The Chinese powers that be are insisting that all 802.11 kit used in the country must implement a proprietary wireless LAN security standard by June 2004. Called the Wired Authentication and Privacy Infrastructure (WAPI) encryption protocol, the snag is that it is not compatible with existing WLAN encryption standards such as the Wired Equivalency Protocol or Wireless Protected Access (WPA). What is more (or less, depending on your viewpoint), foreign vendors that want to use the standard will have to license it from one of 11 Chinese vendors. Chinese Goliath networking firm Huawei Technologies Co. Ltd. and PC maker Legend Group Ltd. are among the companies that foreign firms will have to partner with, if they want to get WAPI.
All this will mean that 802.11 chip vendors, card makers, and infrastructure suppliers will need to produce "two product slews" -- one for China, one for the rest of the world -- when delivering new kit, according to Chris Kozup, analyst at Meta Group Inc.. Existing enterprise users of 802.11 hardware also will need to work out how to upgrade their present equipment.
Making that trickier than, perhaps, it might be is the difficulty of obtaining a copy of the WAPI specification to find out what upgrades might entail.
"I've been trying to get a copy but I haven't seen it yet," says Meta's Kozup.
Farpoint's Mathias says that he hasn't seen the spec either but has been given "the highlights."
"There is the possibility of some simple fix," muses Mathias. On the other hand, he says, WAPI could also mean serious hardware and software upgrades to 802.11 kit [ed. note: base coverer!].
Wireless LAN switch startup Aruba Wireless Networks says it isn't that bothered by the whole issue, because its centralized system, which handles all encryption at the switch rather than the access points, will only require a simple software upgrade to support WAPI.
This may not hold true for other vendors though, particularly those that deal with encryption at the access point, rather than a centralized switch or management box. Airespace Inc., Colubris Networks Inc., and Symbol Technologies Inc. (NYSE: SBL) had not returned calls about this issue by press time.
Farpoint's Mathias says he's hoping that the Chinese authorities will moderate their stance before WAPI ever becomes an issue in the IT department. "This is, after all, a political matter, not a technical one," he says. "I wouldn't be surprised if someone took this to the World Trade Organization and filed a complaint there."
[Ed. note: Because, of course, the Chinese government has a really great record of listening to international opinion.]
— Dan Jones, Senior Editor, Unstrung