Watch Out! It's Now Obsolete. IEEE 802.11 and the Use of the Terms "Obsolete" and "Deprecated"
By Tom Carpenter On 05/12/2020
The IEEE 802.11 standard, referenced in this article as simply 802.11, uses two terms of importance: obsolete and deprecated. Viewing historical trends can reveal future probabilities of feature removal from the standard. In this article, I'll discuss the meaning of the two terms in general and the actions the IEEE has taken in relation to them. The good news is that WEP is now obsolete in 802.11 (or will be in a few months) and not just deprecated... more on that later.
The 802.11 standard is huge. The 802.11-2016 maintenance roll-up was 3,534 pages and the current draft of 802.11-2020 (3.2) is 4,646 pages (though that size is likely to shrink a small amount after editing). 802.11-2016 included 802.11-2012 and the following amendments all rolled into the maintenance roll-up:
- 802.11ae-2012 - Prioritization of Management Frames
- 802.11aa-2012 - MAC Enhancements for Robust Audio Video Streaming
- 802.11ad-2012 - Enhancements for Very High Throughput in the 60 GHz Band
- 802.11ac-2013 - Enhancements for Very High Throughput Operation in Bands below 6 GHz
- 802.11af-2013 - Television White Spaces (TVWS)
The new 802.11-2020 roll-up will include 802.11-2016 and the following amendments:
- 802.11ai-2016 - Fast Initial Link Setup (second printing)
- 802.11ah-2016 - Sub 1 GHz License Exempt Operation
- 802.11aj-2018 - Enhancements for Very High Throughput to Support Chinese Millimeter Wave Frequency Bands (60 GHz and 45 GHz)
- 802.11ak-2018 - Enhancements for Transit Links within Bridged Networks
- 802.11aq-2018 - Preassociation Discovery
Now, it is important to note that the maintenance group (Task Group Maintenance or TGm) can edit the documents significantly, correcting errors and even introducing entirely new capabilities. While most of what they do is "clean-up" and aggregation, they do introduce new capabilities from time-to-time. I discussed this briefly in a talk at Wi-Fi Trek 2019, which can be viewed here: Things You Didn't Know You Wanted To Know About Wireless. (The link will start the video at the point where I talk about TGm updates.) In this case, I point out that TGmc (the group that created 802.11-2016) added a new capability called Fine Timing Measurement.
For the remainder of this article, I will focus on the terms obsolete and deprecated as they are used in the standard. I will limit my focus to TGm work and not individual amendments, though the concepts can apply there as well (though I could only find four historic amendments using the term obsolete in them for new obsoletion, 802.11ah (HT-delated block ack obsolete), 802.11ac (RIFS obsolete for VHT and HT), 802.11ax (draft: references obsolete security and defines rules for 6 GHz [no WEP or TKIP allowed and no PSK - must use SAE instead, excellent!]), and 802.11s (WDS obsolete)).
First of all, in the IT world of standards, APIs and other concepts, in general, the terms obsolete and deprecated are often used as synonyms. However, within the 802.11 standard, they have very different implications based on historic use. The term deprecated indicates a feature that is no longer maintained and may have technical errors in that portion of the 802.11 standard. The term obsolete also indicates this. However, the term deprecated has been used historically for features that remain for ten years, or more, of TGm updates. For example, WEP was deprecated all the way back in 2004 with the ratification of 802.11i-2004; however, it still remains in the standard and will still be in the 802.11-2020 roll-up (unless something changes before the final document is delivered). But, an important change is coming in 802.11-2020 and that is that WEP, for the first time in a roll-up, is labeled as obsolete.
We can get insight into the process by looking at the freely available group notes, which can be downloaded here: IEEE 802.11 documents. When exploring these documents, we see that a commentor, Michael Montemurro, stated that, "WEP is obsolete and has not been maintained (comments on it in previous ballots were rejected on the basis it was obsolete and was going to be deleted), so implementations based on the current wording are likely to be erroneous." He further suggested as a proposed change, "Delete the referenced subclause." This was in reference to subclause 12.3.3.3 Shared Key Authentication.
The resolution response to this comment stated, "The task group discussed removal of WEP and/or TKIP from the standard and decided to not change the standard based on strawpolls in the direction for the resolution. The strawpolls were held during the Warsaw meeting (2018-05-08) and the option to keep WEP and TKIP text as-is received most support." A further ad-hoc note stated, "There are known implementations of these features in the market, so we choose not to remove them at this time. The Group did not come to consensus on removal of these two features." The following image shows this discussion in the downloadable Excel spreadsheet from the link above.
As you can see, the discussions are open for all to view and they provide insight into the decision process. However, though they chose not to remove WEP as of yet, they did (based on other comments and responses) choose to mark it as obsolete. What does this mean for the future of WEP in the standard? Let me answer that question by analyzing what has happened to obsolete elements in the past.
In the 802.11-2016 roll-up, 34 entries are found for the term obsolete. Two of these are found in the following paragraph early in the document:
In addition, this revision specifies technical corrections and clarifications to IEEE Std 802.11 as well as enhancements to the existing medium access control (MAC) and physical layer (PHY) functions. In addition, this revision removes some features previously marked as obsolete and adds new indications of other obsolete features.
IEEE 802.11-2016
This paragraph makes it clear that they had removed "some features previously marked as obsolete" and that new indications were found in the 802.11-2016 document indicating feature obselescense. Interestingly, 802.11-2012 used the term obsolete 14 times and every single one of those obsolete items was removed in the 802.11-2016 roll-up, including the entire FHSS and Infrared PHYs. That's a 100% removal rate from 802.11-2012 to 802.11-2016.
Now, let's explore the removal rate, at the time of draft 3.2, for 802.11-2020 based on obsolete items in 802.11-2016. 802.11-2016 has, as stated previously, 34 entries for the word obsolete. However, two of them were used simply to explain the term in the standard (though, in my opinion, they don't explain it well as history shows obsolete means something very different in results from deprecated). An additional three of them are used to reference obsolete allocation, which is in reference to service period (SP) allocation and not to an obsolete feature. This leaves 29 to be evaluated.
The analysis showed that out of 29 obsolete entries, 25 of them were removed in the 802.11-2020 draft, though hints of their existence may remain for backward compatibility, such as the need to be able to interpret a frame that references the feature even though it is not supported in the standard as ratified. This is a removal rate of 86%. The average, therefore, between the removals from 802.11-2012 to 802.11-2016 and the removals from 802.11-2016 to 802.11-2020 is 93% removal.
Now, I said that WEP is now obsolete. Technically, it is a Pre-RSNA solution and all Pre-RSNA solutions have been referenced as obsolete before. However, Shared Key authentication and WEP were individually and specifically called out as deprecated in the past. For example, the "Definitions specific to IEEE Std 802.11" defined WEP as, "A deprecated cryptographic data confidentiality algorithm specified by this standard." in 802.11-2016. Now, in 802.11-2020, it is defined as, "An obsolete cryptographic data confidentiality algorithm specified by this standard." This might seem insignificant, but when you consider the historic use of deprecated versus obsolete in the 802.11 standard, it is anything but insignificant.
Do you need further weight of evidence that WEP is doomed? TKIP is still referenced as deprecated and this is intentional. Per comment 2140 in the TGm, a commentor suggested that both WEP and TKIP be changed to an obsolete reference and the group decided not to comply. Instead, they chose to reference WEP as obsolete and TKIP as deprecated. This decision suggests, quite clearly, that the group feels WEP is closer to removal than TKIP.
- No Pre-RSNA security methods at all
- No Open System authentication without encryption
- Stations should use OWE instead of Open System authentication without encryption
- No PSK at all
- Stations should use SAE instead of PSK
Clearly, they are completely disallowing use of WEP, TKIP, Shared Key authentication, and Open System authentication without encryption in the new band.
While this was a pleasant analysis experiment, it also gives us hope for some final removals from the standard that those supporting it in the community have long desired.
Oh, by the way, PCF is dead! Thank you TGm.
Tagged with: 802.11, ieee 802.11, deprecated features, obsolete features, deprecated, obsolete
Blog Disclaimer: The opinions expressed within these blog posts are solely the author’s and do not reflect the opinions and beliefs of the Certitrek, CWNP or its affiliates.