1994-08-29 - Announcing Bellcore’s Trusted Software Integrity (Betsi) System

Header Data

From: rubin@faline.bellcore.com (Avi Rubin)
To: cypherpunks@toad.com
Message Hash: 42ca7189627f2e9bc69026818e54986033f3bbc5f8fd9f42bc68453ca7db47de
Message ID: <199408291628.MAA19544@faline.bellcore.com>
Reply To: N/A
UTC Datetime: 1994-08-29 16:28:34 UTC
Raw Date: Mon, 29 Aug 94 09:28:34 PDT

Raw message

From: rubin@faline.bellcore.com (Avi Rubin)
Date: Mon, 29 Aug 94 09:28:34 PDT
To: cypherpunks@toad.com
Subject: Announcing Bellcore's Trusted Software Integrity (Betsi) System
Message-ID: <199408291628.MAA19544@faline.bellcore.com>
MIME-Version: 1.0
Content-Type: text/plain


                         A N N O U N C I N G ! ! ! ! !


           Bellcore's Trusted Software Integrity (Betsi) System.


Betsi addresses a security concern of software distribution in the Internet.
Currently, there is no way to know that software obtained by anonymous ftp
has not been modified since it was posted. Also, malicious software can be
posted without the offender leaving a trace. Betsi is an experimental prototype 
that is meant to provide some degree of assurance about the integrity
of software and the identity of its author. 

The current version of Betsi is an experiment. The long-term 
goals are:
   
   -  help software venders distribute programs and patches 
   -  provide accountability by linking the author of a program
      to a real person whose identity is verified off-line 
   -  allow users to run software obtained on the Internet with
      less danger of viruses and trojan horses 
   -  use cryptographically strong techniques to preserve file
      integrity
   -  scale well in the Internet community
   -  minimize effort on the part of the users
   -  use existing infrastructure and standards

Betsi is a free, experimental service. It requires use of pgp to
verify signatures from Betsi. Betsi's public key is widely available.
It can be obtained from numerous public key servers by requesting
the key for certify or Betsi. It also appears in a paper that
was submitted for publication, in the help file (described in a moment)
and at the end of this message.

For additional information on Betsi send mail to
certify@bellcore.com with subject, help. 

A copy of the paper describing Betsi can be obtained by anonymous
ftp from thumper.bellcore.com in the directory /pub/certify.
A copy of the public key for Betsi can also be found there.
It is recommended that the key be obtained from at least two
different places and compared.


Betsi's public key:

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6

mQCNAi5I0LwAAAEEAJZi970w+Lb7onAmrnExWKrgUFbjJku29qVRlBY6/UtUH+fW
s7MtAEUKIhktJ0cDpE+5Tbi6Lev2RXmXhT1hEjwxSwVFOMJmOuMZxlj+586IKigC
vVjF+hCFKQWRXsleM/axVbpH+pNUmWcK6QMdBDFlzS/9pxdAiBPcEwSgd4ahAAUR
tBxCZXRzaSA8Y2VydGlmeUBiZWxsY29yZS5jb20+iQB1AgUQLkjREpti/eSkC5bZ
AQFzNwL8CVk6J8jhHukKKjrkdZX5VZMwuvgs7+ZIVR8fY+vpEBs6EbWAQpmm4ekV
C4D6UOYCRxARpQN09M1aE9qSz6XKkYQjs9Ul/xRLtazDAuYOAkRxO3mnrFa2u6Tc
+qXcZame
=68fV
-----END PGP PUBLIC KEY BLOCK-----

Fingerprint:

5F 34 26 5F 2A 48 6B 07  90 C9 98 C5 32 C3 44 0C





Thread