
Sept 2005
doc: IEEE 802.11-05/0967r6

WAPI Position Paper
2005-09-27

Notice: This document has been prepared to assist IEEE 802.11. It is offered as a basis for discussion and is not binding on the contributing individual(s) or organization(s). The material in this document is subject to change in form and content after further study. The contributor(s) reserve(s) the right to add, amend or withdraw material contained herein.

Release: The contributor grants a free, irrevocable license to the IEEE to incorporate material contained in this contribution, and any modifications thereof, in the creation of an IEEE Standards publication; to copyright in the IEEE’s name any IEEE Standards publication even though it may include portions of this contribution; and at the IEEE’s sole discretion to permit others to reproduce in whole or in part the resulting IEEE Standards publication. The contributor also acknowledges and accepts that this contribution may be made public by IEEE 802.11.

Patent Policy and Procedures: The contributor is familiar with the IEEE 802 Patent Policy and Procedures <http://ieee802.org/guides/bylaws/sb-bylaws.pdf>, including the statement "IEEE standards may include the known use of patent(s), including patent applications, provided the IEEE receives assurance from the patent holder or applicant with respect to patents essential for compliance with both mandatory and optional portions of the standard." Early disclosure to the Working Group of patent information that might be relevant to the standard is essential to reduce the possibility for delays in the development process and increase the likelihood that the draft publication will be approved for publication. Please notify the Chair <stuart.kerry@philips.com> as early as possible, in written or electronic form, if patented technology (or technology under patent application) might be incorporated into a draft standard being developed within the IEEE 802.11 Working Group. If you have questions, contact the IEEE Patent Committee Administrator at <patcom@ieee.org>.

Submission: IEEE 802.11 WG

Discussion of the parallel fast track ballots for 802.11i and WAPI

Prepared for consideration by JTC 1 P-members
27 September 2005

Harmonisation is the most desirable outcome, and approval of WAPI will preclude harmonisation

What is the history?
• WAPI is a WLAN security amendment to 802.11 that has been promoted by the Chinese NB as an alternative to 802.11i
• WAPI became a topic of controversy in the WLAN industry in 2003, but the issue was postponed after a high level government agreement in 2004

What is the current situation?
• The “WAPI issue” resurfaced in JTC 1 in 2004, resulting in parallel fast track ballots for both WAPI & 802.11i
• The parallel fast track ballots only started after the Chinese NB rejected all attempts to harmonise WAPI & 802.11i
• The parallel fast track ballots for WAPI & 802.11i allow for none, one or both proposals to be approved

What should happen?
• Harmonisation is the most desirable outcome, and approval of WAPI will preclude harmonisation

WAPI is a security amendment to 802.11 promoted by the Chinese NB as an alternative to 802.11i

Document no.
– IEEE 802.11i: 1N7903
– Chinese NB WAPI: 1N7904

Authentication mechanism
– IEEE 802.11i:
  • 802.1X & IETF EAP
  • Multiple credentials
  • Public algorithms
– Chinese NB WAPI:
  • Digital certificates only
  • Custom protocol (WAI)

Block cipher
– IEEE 802.11i:
  • AES CCMP
  • TKIP & legacy WEP
  • Public algorithms
– Chinese NB WAPI:
  • Undisclosed block cipher crypto

Advertisement & negotiation
– IEEE 802.11i:
  • RSN IE
– Chinese NB WAPI:
  • WAPI IE (clone of RSN IE)

Base
• Amendment to ISO/IEC 8802-11

WAPI became a topic of controversy in the WLAN industry in 2003, but the issue was postponed

• WAPI became subject of controversy in 2003 when a regulation was announced in China to require WAPI in all WLANs sold in China
• Most of WLAN industry and various governments opposed the WAPI regulation because:
  – It meant standard 802.11 equipment (without WAPI) could not be sold within China, serving no justifiable or sound regulatory need & erecting unnecessary trade barriers
  – Access to the secret WAPI block cipher required a technical partnership with government selected Chinese companies, resulting in IPR and business risks
• The WAPI controversy subsided in 2004 after the Chinese government agreed to postpone promulgation of the regulation indefinitely
  – Due to legitimate concerns about hampering global trade in WLAN equipment, intervention on WAPI occurred at the highest levels of the US and Chinese governments, with Vice Premier Wu Yi (China) and Secretary of State Colin Powell (US) involved

The “WAPI issue” resurfaced in JTC 1 in 2004, resulting in parallel fast track ballots for WAPI & 802.11i

• In July 2004, the WAPI controversy was reignited when a new version of WAPI was submitted to JTC 1 for standardisation by the Chinese NB
• In October 2004, IEEE 802.11i was submitted for fast track ballot in JTC 1 by the UK NB
• Since that time, there has been much confusion and disagreement related to the correct processes for considering WAPI & 802.11i in JTC 1
  – e.g. the Chinese NB incorrectly claims that WAPI was submitted to fast track
• The ISO/IEC Secretaries General have now decided (with support of the NBs) to attempt to resolve the controversy by sending both the WAPI & 802.11i proposed amendments to parallel fast track ballots in JTC 1

The parallel fast track ballots started only after the Chinese NB rejected all attempts to harmonise

• ISO/IEC attempted to promote a process of harmonisation between 802.11i and WAPI, as well as the IEEE and the Chinese NB
• The IEEE actively supported the harmonisation activities by:
  – Participating in meetings with the Chinese NB in US (Nov 04), Germany (Feb 05), Switzerland (May 05), China (Aug 05) & France (Aug 05)
  – Repeatedly inviting the Chinese NB to participate in 802.11 activities from the time of the first WAPI controversy
  – Supporting the standardisation of WAPI technology in appropriate forums
  – Attempting to hold an 802.11 meeting in Beijing in May 2005 (but was unable to obtain visas for delegates)
• However, the Chinese NB steadfastly rejected all attempts to harmonise 802.11i and WAPI by:
  – Walking out of the meeting in Germany (Feb 05)
  – Repeatedly refusing to consider any approach except full approval of WAPI “as is,” regardless of its incompatibility with the existing 8802-11 standard and its emerging amendments

The parallel fast track ballots for WAPI & 802.11i allow for none, one or both proposals to be approved

Parallel standards (WAPI: Yes, 802.11i: Yes)
• Result: Both 802.11i & WAPI are approved

WAPI only (WAPI: Yes, 802.11i: No)
• Result: WAPI is standardised in JTC 1

802.11i only (WAPI: No, 802.11i: Yes)
• Result: 802.11i is standardised in JTC 1

Reject both (WAPI: No, 802.11i: No)
• Result: Status quo, with no ISO/IEC security WLAN standard

• Parallel, independent and conflicting standards are inevitable if both are approved in fast track

Parallel, independent and conflicting standards are inevitable if both are approved in fast track

It is claimed a “stapled” approach is viable if both ballots are approved
• One possible outcome of the fast track balloting process is that both 802.11i and WAPI are approved
• At the Beijing meeting in August 2005, the Chinese NB claimed the two amendments could be “stapled” into 8802-11 to create a new standard

The stapled approach is impossible
• The editing instructions in 802.11i (1N7903) and WAPI (1N7904) are contradictory
• Execution of editing instructions from both proposals is impossible
• Comment resolution would most likely require years to resolve the editorial and normative technical issues – and so is not viable

Parallel standards is the only choice if both ballots are approved
• The only way to avoid the issues related to the “stapled” approach is to create two parallel and independent standards covering WLANs
• Note: the suggestion that comment resolution could harmonise WAPI & 802.11i if both were approved is also not viable because the process is not set up for making big changes

The editing instructions in 802.11i (1N7903) and WAPI (1N7904) are contradictory

Examples from clause 5.7.5 of both proposals showing editorial & normative differences (panels: WAPI, 802.11i)

Harmonisation is the most desirable outcome, and approval of WAPI will preclude harmonisation

Outcomes:
– Parallel standards (WAPI: Yes, 802.11i: Yes)
– WAPI only (WAPI: Yes, 802.11i: No)
– 802.11i only (WAPI: No, 802.11i: Yes)
– Reject both (WAPI: No, 802.11i: No)

Ratings: DESIRABLE, LESS DESIRABLE, UNACCEPTABLE

Conclusion
• 802.11i should be approved, satisfying the needs of 100s of millions of existing users
• A no-no vote is not defensible on any technical grounds
• WAPI is generally unsuitable for approval in its current form
• Fails to meet WTO & ISO/IEC goals & results in ISO/IEC irrelevance in WLANs
• Divorces … from 802.11 & results …
• Encourages Chinese NB to participate in harmonisation process
• Acceptable only if the Chinese NB are willing to participate in harmonisation

WAPI is generally unsuitable for approval by JTC 1 in its current form

WAPI is generally unsuitable for approval by JTC 1 in its current form

WAPI is not suitable for approval via the fast track process
• WAPI is unstable and immature, making it unsuitable for consideration by fast track ballot
• Application of established “fast track” contradiction procedures should halt the WAPI fast track ballot

WAPI includes functions that are inappropriate in 8802-11
• WAPI digital certificates should be considered by JTC 1/SC 6/WG 7 or ITU-T rather than JTC 1/SC 6/WG 1
• WAPI authentication (WAI) should be considered by JTC 1/SC 27 rather than JTC 1/SC 6/WG 1

WAPI is generally unsuitable for approval by JTC 1 in its current form

WAPI’s use of undisclosed ciphers doesn’t support standards goal of interoperable security
• WAPI’s use of undisclosed or unspecified block ciphers means global interoperability is impossible
• WAPI’s use of undisclosed or unspecified block ciphers means users assume it provides no security

WAPI ignores clearly demonstrated market requirements
• WAPI imposes WAI rather than meeting the international market requirement for RADIUS based authentication
• WAPI ignores the needs of 200+ million existing 8802-11 compliant devices

WAPI is unstable and immature, making it unsuitable for consideration by fast track ballot

Fast track is designed for mature & stable “existing standards”
• The ISO/IEC JTC 1 fast track process is designed to enable fast processing of an “existing standard”
• It is implicitly assumed that “existing standards” are stable and mature
• The WTO (G/TBT/9) outlines principles for standards development including transparency, openness & consensus

WAPI is unstable & immature
• The WAPI document has changed multiple times since 2003, with most recent change in August 2005
• It is unclear that WAPI was developed based on WTO principles for transparency, openness & consensus

WAPI is not suitable for fast track review
• While the Chinese NB has the right to submit WAPI to fast track, it is not suitable given its immaturity and lack of stability
• WAPI should be removed from fast track or rejected by the ballot process
• WAPI should then be considered using normal ISO non-fast track processes

WAPI has changed substantially & radically multiple times, with most recent change in August 2005

Timeline: May 2003, July 2004, August 2005
Documents: Chinese standard GB 15629.11 (2003), 1N7506, 6N12687, 1N7904

Substantive changes included supporting: / Substantive & radical changes included:
• Broadcast & multicast, which is required by modern networking
• A security MIB
• Changing the protection scheme:
  – from MSDU based
  – to MPDU based
• Replay protection, which is a radical change with interesting subtleties
• Introducing a discovery & negotiation scheme duplicated from 802.11i

Application of established “fast track” contradiction procedures should halt the WAPI fast track ballot

ISO JTC 1 has well established procedures for “fast track”
• “ISO/IEC JTC 1 Directives” documents the JTC 1 procedures for fast track
• They require that P-members review & comment on documents
• Any contradictions with other ISO or IEC standards must be resolved before ballot voting

Despite WAPI containing contradictions, they will not be resolved
• WAPI (1N7904) has multiple known “contradictions” with other standards
• However, those “contradictions” in WAPI will not be resolved before the five month ballot starts

WAPI contradictions must be resolved before fast track progresses
• WAPI’s “contradictions” should be resolved according to JTC 1 procedures before the five month ballot starts to avoid impinging on the rights and time of member NBs

WAPI has multiple known “contradictions” with other standards

WAPI’s digital certificate contradicts the ITU-T X.509 standard
• WAPI defines a new digital certificate
• Digital certificates are outside the established scope of JTC 1/SC 6/WG 1
• Digital certificates have previously been defined by ITU-T in X.509 (also ISO/IEC Std 9594)
• The digital certificate work in WAPI is probably best considered by ITU-T

WAPI’s authentication mechanism (WAI) does not belong in SC 6
• WAPI defines a new authentication mechanism (WAI)
• Authentication mechanisms are outside the established scope of JTC 1/SC 6
• This work is probably best done in JTC 1/SC 27

WAPI deletion of WEP “contradicts” 8802-11
• WAPI deletes WEP from 8802-11
• This change succeeds in making 200+ million devices instantly noncompliant with an existing ISO/IEC standard

There is no plan for “contradictions” in WAPI to be resolved before the 5 month ballot starts

• China NB submitted a WAPI specification as a New Work Item Proposal (NP) to JTC 1 in July 04
  – The entries for Proposer & Secretariat on the NP form appear to have been transposed accidentally so that it appeared that SC 6 had submitted the proposal
• The JTC 1 Secretariat issued WAPI (1N7506) as a concurrent ballot on the assumption that the SC 6 Secretariat had already initiated a ballot in SC 6
• However, it is believed that the NP was not submitted to the SC 6 Secretariat
• When the JTC 1 Secretariat realised the situation they voided 1N7506 and asked the China NB to submit the proposal to SC 6
• 1N7506 was never subjected to a 30 day contradiction review

• However, the China NB did not submit a WAPI specification for fast track ballot until 25 Aug 05
• The WAPI specification submitted (1N7904) is radically different from any previous submission
• ISO/IEC Secretaries General ruled in a letter (6 Sept) that 1N7904 will progress to fast track, with a 30 day contradiction review and a 5 month ballot
• However, it was also ruled that the 5 month ballot will proceed regardless of any contradictions uncovered
• This is contrary to normal ISO JTC 1 practice and process

WAPI digital certificates should be considered by JTC 1/SC 6/WG 7 or ITU-T rather than JTC 1/SC 6/WG 1

WAPI defines a digital certificate format
• WAPI (1N7904) defines a novel digital certificate format in 8.1.3

Digital certificates are outside the scope of JTC 1/SC 6/WG 1
• ISO/IEC JTC 1/SC 6 WG 1’s scope is MAC & PHY standards, not digital certificate standards
• The digital certification formats are already co-standardized by:
  – JTC 1/SC 6/WG 7 (ISO/IEC Std 9594)
  – ITU-T (ITU-T Std X.509)

The WAPI certificates should be submitted to another forum
• WAPI digital certificates have a wider application than WLANs
• WAPI digital certificates do not appear to support any functions that X.509 does not already provide
• Consideration of WAPI digital certificates should be moved to:
  – JTC 1/SC 6/WG 7
  – ITU-T

WAPI authentication (WAI) should be considered by JTC 1/SC 27 rather than JTC 1/SC 6/WG 1

WAPI defines an authentication protocol called WAI
• WAPI defines a novel authentication method (WAI) in clause 8.1.4.2

Authentication is outside the scope of JTC 1/SC 6/WG 1
• ISO/IEC JTC 1/SC 6/WG 1 developed and maintains 8802-11
• The scope of WG 1 is “Physical and data link layers”
• Authentication standards as proposed by the WAPI submission are outside the scope of ISO/IEC JTC 1/SC 6/WG 1

WAI should be submitted to JTC 1/SC 27
• WAI is easily applicable to many environments besides wireless LAN standards, e.g. China’s NB has signaled its intention to apply WAI to WiMAX
• JTC 1/SC 27 appears to be the appropriate standardization body for authentication methods

WAPI’s use of undisclosed or unspecified block ciphers means global interoperability is impossible

WAPI uses a secret or an unspecified block cipher
• WAPI specifies the use of a block cipher within China called SMS4, which appears to be unavailable to non-Chinese parties
• WAPI suggests that another block cipher should be used in other countries, but does not specify the cipher

WAPI doesn’t enable global interoperability
• It appears likely that non-Chinese companies will be unable to implement WAPI based on SMS4
• WAPI based on SMS4 does not interoperate with WAPI based on any other block cipher
• The lack of at least one specified, globally available block cipher means global WAPI interoperability is impossible

WAPI must be modified to enable global interoperability
• Interoperability in most countries is required by vendors, users & the standards community
• Either SMS4 must be disclosed or another disclosed block cipher must replace it
• Alternatively, WAPI should remain as a Chinese national standard rather than an international standard

WAPI’s use of undisclosed or unspecified block ciphers means users assume it provides no security

WAPI uses undisclosed or unspecified block ciphers
• WAPI specifies the use of a block cipher within China called SMS4, which has not been publicly disclosed
• WAPI suggests that another block cipher should be used in other countries, but does not specify the cipher

WAPI’s security cannot be evaluated
• 100% of WAPI’s data security derives from the underlying block cipher
• It is impossible to independently evaluate WAPI’s security because no publicly disclosed block cipher is specified
• Without independent analysis, the market will assume that WAPI provides no security

WAPI must be modified to enable a proper security review
• Unknown security is unacceptable to governments, vendors, users & the standards community
• Either SMS4 must be disclosed or another disclosed block cipher must replace it
• Alternatively, WAPI should remain as a Chinese national standard rather than an international standard

WAPI imposes WAI rather than meeting the international market requirement for RADIUS based authentication

WAPI specifies a single authentication method called WAI
• WAPI (1N7904) requires the use of WAI authentication
• In contrast, 802.11i supports RADIUS authentication

WAPI ignores the market requirement for RADIUS based authentication
• WAI is incompatible with widely deployed RADIUS mechanisms, making WAI irrelevant to the majority of the market who have an existing large RADIUS investment
• In contrast, 802.11i was designed to satisfy the demonstrated market need for WLANs to reuse existing RADIUS infrastructure

WAPI should be modified to recognise market requirements for RADIUS
• WAI should be standardised as another authentication method available to the market
• In the meantime, WAPI should be modified to allow the use of RADIUS, as well as WAI
• This approach ensures WAPI satisfies the goal of standards to grow markets, not arbitrarily restrict them

WAPI ignores the needs of 200+ million existing 8802-11 compliant devices

Amendments must be compatible with existing compliant devices
• It is a well accepted principle of standards development that amendments should continue to support existing compliant devices

WAPI ignores the needs of 200+ million 8802-11 compliant devices
• The 200+ million existing 8802-11 devices that can only implement WEP must be supported
• However, WAPI (1N7904) ignores the needs of these devices by:
  – Deleting WEP
  – Defining no suitable upgrade path

WAPI must be modified to recognise existing 8802-11 devices
• 802.11i (1N7903) provides an example of what WAPI must do before it begins to be acceptable:
  – Deprecating rather than deleting WEP
  – Defining an upgrade path using TKIP, which provides real security guarantees within the resource constraints of the deployed technology

Parallel standards fail to meet WTO & ISO/IEC requirements and will result in ISO/IEC irrelevance in WLANs

Parallel standards fail to meet WTO & ISO/IEC goals and will result in ISO/IEC irrelevance in WLANs

Contrary to ISO/IEC & WTO
• Approval of both WAPI & 802.11i in the fast track ballot is contrary to ISO & WTO goals
• Approve one or neither of WAPI & 802.11i

Leads to ISO/IEC irrelevance
• The approval of both WAPI & 802.11i results in divorce from future IEEE work and ISO/IEC irrelevance in WLANs
• Approve only 802.11i

WAPI subject to IPR uncertainty
• Any WAPI version of 8802-11 without IEEE support is subject to severe “IPR uncertainty”
• WAPI is generally unsuitable for approval by JTC 1 in its current form

Approval by JTC 1 of both WAPI & 802.11i in the fast track ballot is contrary to ISO/IEC & WTO goals

Both WTO & ISO discourage duplicate standards
• The ISO Strategic Plan 2005-2010 clearly states one standard is preferable
• The WTO “Agreement On Technical Barriers To Trade” states that duplication of standards should be avoided

Approval of 802.11i and WAPI is contrary to WTO and ISO goals
• The approval of both WAPI and 802.11i will result in two incompatible and non-interoperable standards covering WLANs

Only one of 802.11i and WAPI should be approved
• NBs under WTO rules and ISO goals have a responsibility to approve only one of the proposals

Both WTO & ISO discourage duplicate standards

ISO Strategic Plan 2005-2010
• “One standard, one test, and one conformity assessment procedure accepted everywhere”

WTO “Agreement On Technical Barriers To Trade”
• “The standardizing body within the territory of a Member shall make every effort to avoid duplication of, or overlap with, the work of other standardizing bodies in the national territory or with the work of relevant international or regional standardizing bodies”

The approval of both WAPI & 802.11i results in divorce from future IEEE work & ISO/IEC irrelevance in WLANs

Approval of 802.11i & WAPI results in two independent standards
• If JTC 1 approves both 802.11i and WAPI during the fast track then two parallel & independent standards will result
  – 8802-11+802.11i
  – 8802-11+WAPI
• These standards will need to be maintained & extended in the future

Both standards will become irrelevant over time
• IEEE will continue developing 802.11 but will not support further development of either version of 8802-11
• 8802-11 will become increasingly irrelevant because there will be no body capable & willing to properly develop it
• In the short term, it will be orphaned from many known future 802.11 amendments

Continued relevance requires that only 802.11i be approved
• All NBs have a responsibility to only approve the amendment that provides for the future relevance of ISO/IEC 8802-11 standards
• Only approval of 802.11i meets this test

ISO/IEC 8802-11 may be orphaned from many known future IEEE 802.11 amendments & corrigenda

• If IEEE 802.11 stops supporting ISO/IEC 8802-11 development then ISO/IEC 8802-11 development will be orphaned from:
  – 802.11e (QoS)
  – 802.11k (radio resource measurement)
  – 802.11ma (rolling up 802.11e/g/h/i/j on the base/a/b/d and other corrections)
  – 802.11n (high rate)
  – 802.11p (vehicular)
  – 802.11r (fast roaming)
  – 802.11s (mesh)
  – 802.11u (inter-working with external networks)
  – 802.11v (wireless network management)
  – 802.11w (management frame protection)
• Note that these amendments represent 1,000’s of man years of effort that JTC 1 could not hope to duplicate successfully

Any WAPI version of ISO/IEC 8802-11 is subject to severe “IPR uncertainty”

IPR statements have been submitted to IEEE for 802.11
• Various organisations assert rights to various elements of 802.11
• Most of these organisations have made RAND IPR statements to IEEE

It is not clear these IPR statements apply to a WAPI version of 8802-11
• These statements only apply to the specific IEEE Standard (see IEEE IPR statement)
• These statements do not apply to an ISO standard that is substantially different from the IEEE standard
  – i.e. the 8802-11 plus WAPI standard as proposed by Chinese NB

The IPR issue needs to be understood and resolved
• An international standard that cannot be legally implemented is not very useful
• It is important for JTC 1 to understand and resolve the IPR issue

802.11i is suitable for fast track approval, satisfying the needs of 100s of millions of existing users

802.11i is suitable for fast track approval, satisfying the needs of 100s of millions of existing users

802.11i is suitable for approval using the fast track process
• 802.11i is a stable & mature standard based on an open and international development process

802.11i supports clearly demonstrated international market requirements
• 802.11i meets international market authentication requirements by supporting RADIUS authentication
• 802.11i provides a migration path for the 200 million existing 8802-11 compliant WEP-only devices
• 802.11i is being shipped in 250,000 new devices every day

802.11i provides verifiable security based on disclosed algorithms
• All 802.11i algorithms are fully specified & disclosed, enabling global interoperability
• 802.11i provides independently verified security satisfying the needs of an international standard

802.11i is a stable & mature standard based on an open & international development process

Fast track is designed for mature & stable “existing standards”
• The JTC 1 fast track process is designed to enable fast processing of an “existing standard”
• It is implicitly assumed that “existing standards” are stable and mature
• The WTO (G/TBT/9) outlines principles for standards development including transparency, openness & consensus

802.11i is stable & mature
• 802.11i was developed using an open process compatible with ISO/IEC and WTO principles
  - Review by over 500 international engineers
  - Independent review by cryptographers
  - Sponsor ballot review by 100 reviewers
  - Interoperability testing by vendor community
  - 4 years of open development

802.11i is suitable for fast track review
• All NBs have a responsibility to approve only mature documents

802.11i meets international market authentication requirements by supporting RADIUS authentication

Market refused to deploy WLANs without RADIUS authentication
• Sales of 8802-11 systems lagged even before any problems with WEP were identified
• The international market demanded reuse of its established authentication technology base
• Each organization wants to set its own authentication policy

802.11i supports RADIUS based authentication
• 802.11i was designed with the goals of
  - Allowing reuse of existing RADIUS authentication
  - Making RADIUS authentication as secure as possible in a WLAN
• The international market has rewarded the design by deploying 70 million devices in the first year

Only 802.11i aligns with market realities
• All NBs have a responsibility to align ISO standards with international market reality

802.11i provides a migration path for the 200 million existing 8802-11 compliant WEP-only devices

Amendments must be compatible with existing compliant devices
• Amendments of standards should continue to support deployed compliant devices

802.11i supports an upgrade path through TKIP
• 802.11i (1N7904) defines TKIP as a patch applicable to the 200 million existing WEP-only devices
• 802.11i deprecates WEP but allows its use for cases where upgrade is not economically feasible
• 802.11i defers the decision on WEP’s use to a local policy decision, not imposing policy

802.11i is compatible with ISO legacy support goals
• All NBs have a responsibility to ensure existing conformant devices remain so
• 802.11i achieves this goal

802.11i represents market reality & is being shipped in 250,000 new devices every day

Standards need to reflect market reality
• It is vital that standards reflect market reality
• This means that standards must support products that are successful in the market place

802.11i represents WLAN market reality
• 250,000 802.11i capable devices are being shipped every day as APs, NICs and embedded devices
• The massive success of 802.11i can be contrasted to a claimed rollout of only 10,000 WAPI APs in western China after 2+ years of rollout (source: Chinese NB at Beijing meeting)

8802-11 must include 802.11i
• The NBs have a responsibility to ensure 802.11i is incorporated into 8802-11

All 802.11i algorithms are fully specified & disclosed, enabling global interoperability

ISO strive to promote global interoperability
• ISO explicitly states its business goal as promoting interoperability
  - One standard, one test, and one conformity assessment procedure accepted everywhere

802.11i enables global interoperability
• All of 802.11i is specified in 1N7903 or in other publicly available documents
• All authentication mechanisms used by 802.11i are defined in publicly available documents
• All mandatory-to-implement 802.11i algorithms are in the public domain

Only 802.11i supports global interoperability
• All NBs have a responsibility to only approve amendments that promote global interoperability

802.11i provides independently verified security satisfying the needs of an international standard

Security claims in standards should be independently verifiable
• Standards should not make unsubstantiated security claims
• All security claims must be independently verified

All 802.11i security claims have been independently verified
• Numerous independent cryptographic reviews have verified 802.11i security claims
  - Including by R. Rivest, D. Wagner, P. Rogaway, J. Jonsson, S. Langford, J. Kelsey, etc.
• No fundamental security flaw has been identified by any independent review

802.11i security is appropriate for an international standard
• All NBs have a responsibility to promote standards whose security claims are independently verified


A no-no vote is not defensible on any technical grounds

• There is no technical justification for a no vote on 802.11i (1N7903)
• There is substantial technical justification for a no vote on WAPI (1N7904)


A harmonised approach is desirable as long as the Chinese NB are willing to participate

• Harmonisation advantages outweigh the disadvantages
  – Addresses the needs of all
  – Ensures all useful technology is included
  – Ensures an evolving standard that is secure, open & implementable
  – Takes time but so do “good” standards
• IEEE 802 is eager to facilitate a “harmonised standard”
• IEEE 802 & ISO leadership have suggested a number of harmonisation mechanisms based on approved ISO/IEC processes for collaboration with IEEE 802
  – See 8802-1:2001 (Feb 01), 6N11917 (April 01)
• So far none of the harmonisation mechanisms have been accepted by the Chinese NB
• The key to success of the harmonisation approach is Chinese NB willingness to participate

Harmonisation addresses the needs of all, providing an evolving standard that is secure, open & implementable

• Ensures all market needs (from China and rest of the world) are addressed by enabling global input
• Incorporates the best technology from both WAPI and 802.11i
• Provides a standard that is secure, open, complete and implementable
• Ensures a living standard compatible with existing & future 802.11 amendments
• Provides an opportunity for the Chinese NB to work constructively in international standards bodies
• Defines the only way to incorporate WAPI technology that is acceptable to the international standards community and the global WLAN market

Harmonisation takes time but so do “good” standards

• It will take substantial effort and some time to complete harmonisation
  – Some elements of WAPI can be harmonised relatively quickly, e.g. SHA-256 can be integrated with 802.11 within six months
  – Some elements may take longer, e.g. WAI needs to be standardised in the appropriate forum
• However, good standards inevitably take time to complete
  – Time is required for complete and accurate review
  – Time is required for consensus building
• We should let the engineers participating in the harmonisation process determine the best scope, solution and timing

IEEE 802 is eager to facilitate a “harmonised standard” to achieve 802.11/WAPI integration

ISO
• Agree on “harmonised standard” approach
• Either delay or approve 802.11i

IEEE
• Approve formation of 802.11 Study Group

802.11 SG
• Confirm scope of 802.11 amendment including WAPI technology

802.11 TG
• Write 802.11 amendment …

Previous suggestion from IEEE rejected by China NB

• Approved in July 2005 to support existing ISO & IEEE collaboration agreement
• SC 6 NB participation invitation issued in Saint-Paul de Vence, with full SG voting rights
• SG starts in Nov 05 in Vancouver
• Participating NBs receive immediate SG voting rights
• SG can conduct interim meetings in more convenient locations, e.g. China

IEEE have suggested harmonisation mechanisms based on approved ISO/IEC collaboration processes

Process proposed by IEEE at Beijing meeting (August 2005)
• ISO/IEC JTC 1/SC 6 appoint an Ad hoc Working Group (AHWG) to develop an outline & timetable for integration of elements of the WAPI technology & 802.11i into ISO/IEC 8802-11
• The AHWG formally liaise with IEEE 802 to ensure the outline represents a feasible way to integrate WAPI technology & 802.11i into 8802-11 & IEEE Standard 802.11
• The work defined by the outline & schedule for integration of WAPI technology & 802.11i into ISO/IEC 8802-11 & IEEE Standard 802.11 be executed in appropriate WGs within ISO/IEC JTC 1/SC 6 & IEEE 802, as agreed jointly by JTC 1/SC 6 and IEEE 802
• A very close liaison be established to track and review the work as it develops in JTC 1/SC 6 and IEEE 802 to ensure compatibility is maintained with existing and developing ISO/IEC 8802-11 and 802.11 amendments
• As long as progress continues, ISO/IEC JTC 1 delay resumption of the 802.11i fast track ballot and not consider any other security related amendments to 8802-11

Results
• IEEE: Accept
• SAC: Reject
• ANSI: Reject
• KATS: Abstain

The key to success of the harmonisation approach is Chinese NB willingness to participate

• Harmonisation of WAPI & 802.11i is a desirable goal
• IEEE 802 even offered to delay 802.11i standardisation to achieve this goal
• However, the Chinese NB has refused all suggestions to achieve harmonisation
• The most desirable approach is a “yes” vote for 802.11i (1N7903) & a “no” vote for WAPI (1N7904)
  – It enables the future of an international standard reflecting the market reality of a growing base of 100s of millions of 8802-11 and 802.11i users
  – It may motivate the Chinese NB to participate in a harmonisation process, including normal JTC 1/IEEE collaboration mechanisms
• A “no” vote for both 802.11i (1N7903) & WAPI (1N7904) is an acceptable but less desirable outcome
  – It might lead to harmonisation but provides little incentive to do so
  – It is more likely to lead to delay & uncertainty given the historical unwillingness of the Chinese NB to discuss harmonisation
• In either of the above cases, IEEE 802 will continue to seek harmonisation of 802.11i & WAPI