Betsi
FYI - PGP-based experimental service for verification of
software integrity from Bellcore. I haven't seen this
announcement turn up on the usual Usenet groups (yet), and
thought that it may be of interest to people here. [Apologies in
advance if it's a superfluous forwarding ...]

- pvm

Date: Mon, 29 Aug 1994 13:27:19 -0400
From: [email protected] (David Farber)
Subject: Bellcore's Trusted Software Integrity (Betsi) System

A N N O U N C I N G ! ! ! ! !

Bellcore's Trusted Software Integrity (Betsi) System.

Betsi addresses a security concern of software distribution in the
Internet. Currently, there is no way to know that software obtained by
anonymous ftp has not been modified since it was posted. Also,
malicious software can be posted without the offender leaving a trace.
Betsi is an experimental prototype that is meant to provide some degree
of assurance about the integrity of software and the identity of its
author.

The current version of Betsi is an experiment. The long-term goals are:

- help software vendors distribute programs and patches
- provide accountability by linking the author of a program
  to a real person whose identity is verified off-line
- allow users to run software obtained on the Internet with
  less danger of viruses and Trojan horses
- use cryptographically strong techniques to preserve file
  integrity
- scale well in the Internet community
- minimize effort on the part of the users
- use existing infrastructure and standards

Betsi is a free, experimental service. It requires use of PGP to verify
signatures from Betsi. Betsi's public key is widely available. It can
be obtained from numerous public key servers by requesting the key for
certify or Betsi. It also appears in a paper that was submitted for
publication, in the help file (described in a moment) and at the end of
this message.

For additional information on Betsi send mail to [email protected]
with subject, help.

A copy of the paper describing Betsi can be obtained by anonymous ftp
from thumper.bellcore.com in the directory /pub/certify. A copy of the
public key for Betsi can also be found there. It is recommended that
the key be obtained from at least two different places and compared.

Betsi's public key:
Fingerprint:
5F 34 26 5F 2A 48 6B 07 90 C9 98 C5 32 C3 44 0C
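
The announcement's advice to fetch the key from at least two places and compare can be done mechanically. The following is an added example, not part of the forwarded announcement or Bellcore's code: it verifies the armor checksum of each copy, derives the PGP 2.x-style fingerprint (MD5 over the RSA modulus and exponent bytes) and compares the two. All function names are hypothetical, and the sample key is constructed for the example, not Betsi's key.

```python
import base64, hashlib, struct

def crc24(data: bytes) -> int:  # checksum carried on the armor's "=XXXX" line
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def dearmor(text: str) -> bytes:  # decode an armored block, verify its checksum
    lines = [l.strip() for l in text.strip().splitlines()]
    if not (lines[0].startswith("-----BEGIN PGP") and lines[-1].startswith("-----END PGP")):
        raise ValueError("not an armored PGP block")
    body = [l for l in lines[1:-1] if l and ":" not in l]  # drop headers and blanks
    if len(body) < 2 or not body[-1].startswith("="):
        raise ValueError("missing checksum line")
    data = base64.b64decode("".join(body[:-1]))
    if crc24(data) != int.from_bytes(base64.b64decode(body[-1][1:]), "big"):
        raise ValueError("armor checksum mismatch")
    return data

def v3_fingerprint(packets: bytes) -> str:  # MD5 over modulus and exponent bytes
    if packets[0] != 0x99:  # old-format public-key packet with 2-byte length
        raise ValueError("unexpected packet header")
    body = packets[3:3 + struct.unpack(">H", packets[1:3])[0]]
    if body[0] not in (2, 3) or body[7] != 1:  # version byte, RSA algorithm id
        raise ValueError("not a PGP 2.x RSA public key")
    pos, md5 = 8, hashlib.md5()
    for _ in range(2):  # MPI n, then MPI e; the 2-byte bit counts are not hashed
        nbytes = (struct.unpack(">H", body[pos:pos + 2])[0] + 7) // 8
        md5.update(body[pos + 2:pos + 2 + nbytes])
        pos += 2 + nbytes
    return " ".join(f"{b:02X}" for b in md5.digest())

def same_key(copy_a: str, copy_b: str) -> bool:  # two independently fetched copies
    return v3_fingerprint(dearmor(copy_a)) == v3_fingerprint(dearmor(copy_b))

# --- constructed sample data for the example (not Betsi's key) ---
mpi = lambda x: struct.pack(">H", x.bit_length()) + x.to_bytes((x.bit_length() + 7) // 8, "big")

def sample_armor(n: int, version: str = "2.6") -> str:
    body = bytes([3, 0, 0, 0, 0, 0, 0, 1]) + mpi(n) + mpi(17)
    pkt = b"\x99" + struct.pack(">H", len(body)) + body
    b64 = base64.b64encode(pkt).decode()
    rows = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    rows.append("=" + base64.b64encode(crc24(pkt).to_bytes(3, "big")).decode())
    edge = "-----%s PGP PUBLIC KEY BLOCK-----"
    return "\n".join([edge % "BEGIN", f"Version: {version}", "", *rows, edge % "END"])
```

The string returned by `v3_fingerprint` uses the same 16-byte spaced-hex layout as the fingerprint line in the announcement, so it can also be checked against a copy received out of band.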