FRAMINGHAM (12/15/2003) - The Chinese government has settled on a policy that wireless LAN equipment made in China and sold for use there must implement a Chinese standard called Wired Authentication and Privacy Infrastructure. The policy requires WAPI encryption and authentication security in WLAN products in China by June 2004. Some large WLAN equipment manufacturers in the U.S., including Cisco Systems Inc., say they have not found it easy to get details about the standard. The Chinese government is allowing the encryption technology to be shared only through designated Chinese companies, some of which are direct competitors, such as Huawei Technologies Co. Ltd. A leading U.S. encryption expert, Bruce Schneier, says he hasn't seen the Chinese standard but added that U.S.-based attempts for WLAN security standards have been "so robustly bad" that if the Chinese standard "turns out to be good, we might want to adopt it in the West." Traditionally, encryption and key-management standards have been openly published -- unless they are deemed to have military value.
[]