Interesting People mailing list archives
Bellcore's Trusted Software Integrity (Betsi) System
From: David Farber <farber () central cis upenn edu>
Date: Mon, 29 Aug 1994 13:27:19 -0400
A N N O U N C I N G ! ! ! ! ! Bellcore's Trusted Software Integrity (Betsi) System. Betsi addresses a security concern of software distribution in the Internet. Currently, there is no way to know that software obtained by anonymous ftp has not been modified since it was posted. Also, malicious software can be posted without the offender leaving a trace. Betsi is an experimental prototype that is meant to provide some degree of assurance about the integrity of software and the identity of its author. The current version of Betsi is an experiment. The long-term goals are: - help software venders distribute programs and patches - provide accountability by linking the author of a program to a real person whose identity is verified off-line - allow users to run software obtained on the Internet with less danger of viruses and trojan horses - use cryptographically strong techniques to preserve file integrity - scale well in the Internet community - minimize effort on the part of the users - use existing infrastructure and standards Betsi is a free, experimental service. It requires use of pgp to verify signatures from Betsi. Betsi's public key is widely available. It can be obtained from numerous public key servers by requesting the key for certify or Betsi. It also appears in a paper that was submitted for publication, in the help file (described in a moment) and at the end of this message. For additional information on Betsi send mail to certify () bellcore com with subject, help. A copy of the paper describing Betsi can be obtained by anonymous ftp from thumper.bellcore.com in the directory /pub/certify. A copy of the public key for Betsi can also be found there. It is recommended that the key be obtained from at least two different places and compared. Betsi's public key: -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.6 mQCNAi5I0LwAAAEEAJZi970w+Lb7onAmrnExWKrgUFbjJku29qVRlBY6/UtUH+fW s7MtAEUKIhktJ0cDpE+5Tbi6Lev2RXmXhT1hEjwxSwVFOMJmOuMZxlj+586IKigC vVjF+hCFKQWRXsleM/axVbpH+pNUmWcK6QMdBDFlzS/9pxdAiBPcEwSgd4ahAAUR tBxCZXRzaSA8Y2VydGlmeUBiZWxsY29yZS5jb20+iQB1AgUQLkjREpti/eSkC5bZ AQFzNwL8CVk6J8jhHukKKjrkdZX5VZMwuvgs7+ZIVR8fY+vpEBs6EbWAQpmm4ekV C4D6UOYCRxARpQN09M1aE9qSz6XKkYQjs9Ul/xRLtazDAuYOAkRxO3mnrFa2u6Tc +qXcZame =68fV -----END PGP PUBLIC KEY BLOCK----- Fingerprint: 5F 34 26 5F 2A 48 6B 07 90 C9 98 C5 32 C3 44 0C
Current thread:
- Bellcore's Trusted Software Integrity (Betsi) System David Farber (Aug 29)