[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Announcing Bellcore's Trusted Software Integrity (Betsi) System
A N N O U N C I N G ! ! ! ! !
Bellcore's Trusted Software Integrity (Betsi) System.
Betsi addresses a security concern of software distribution in the Internet.
Currently, there is no way to know that software obtained by anonymous ftp
has not been modified since it was posted. Also, malicious software can be
posted without the offender leaving a trace. Betsi is an experimental prototype
that is meant to provide some degree of assurance about the integrity
of software and the identity of its author.
The current version of Betsi is an experiment. The long-term
goals are:
- help software venders distribute programs and patches
- provide accountability by linking the author of a program
to a real person whose identity is verified off-line
- allow users to run software obtained on the Internet with
less danger of viruses and trojan horses
- use cryptographically strong techniques to preserve file
integrity
- scale well in the Internet community
- minimize effort on the part of the users
- use existing infrastructure and standards
Betsi is a free, experimental service. It requires use of pgp to
verify signatures from Betsi. Betsi's public key is widely available.
It can be obtained from numerous public key servers by requesting
the key for certify or Betsi. It also appears in a paper that
was submitted for publication, in the help file (described in a moment)
and at the end of this message.
For additional information on Betsi send mail to
[email protected] with subject, help.
A copy of the paper describing Betsi can be obtained by anonymous
ftp from thumper.bellcore.com in the directory /pub/certify.
A copy of the public key for Betsi can also be found there.
It is recommended that the key be obtained from at least two
different places and compared.
Betsi's public key:
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6
mQCNAi5I0LwAAAEEAJZi970w+Lb7onAmrnExWKrgUFbjJku29qVRlBY6/UtUH+fW
s7MtAEUKIhktJ0cDpE+5Tbi6Lev2RXmXhT1hEjwxSwVFOMJmOuMZxlj+586IKigC
vVjF+hCFKQWRXsleM/axVbpH+pNUmWcK6QMdBDFlzS/9pxdAiBPcEwSgd4ahAAUR
tBxCZXRzaSA8Y2VydGlmeUBiZWxsY29yZS5jb20+iQB1AgUQLkjREpti/eSkC5bZ
AQFzNwL8CVk6J8jhHukKKjrkdZX5VZMwuvgs7+ZIVR8fY+vpEBs6EbWAQpmm4ekV
C4D6UOYCRxARpQN09M1aE9qSz6XKkYQjs9Ul/xRLtazDAuYOAkRxO3mnrFa2u6Tc
+qXcZame
=68fV
-----END PGP PUBLIC KEY BLOCK-----
Fingerprint:
5F 34 26 5F 2A 48 6B 07 90 C9 98 C5 32 C3 44 0C