From: p.v.mcmahon.rea0803@oasis.icl.co.uk
Date: Tue, 30 Aug 94 09:17:27 PDT
To: cypherpunks@toad.com
Subject: Betsi
Message-ID: <9408292150.AA23309@getafix.oasis.icl.co.uk>
MIME-Version: 1.0
Content-Type: text/plain


FYI - PGP-based experimental service for verification of
software integrity from Bellcore. I haven't seen this
announcement turn up on the usual Usenet groups (yet), and
thought that it may be of interest to people here. [Apologies in
advance if it's a superfluous forwarding ...]
- pvm






    Date: Mon, 29 Aug 1994 13:27:19 -0400
    From: farber@central.cis.upenn.edu (David Farber)
    Subject: Bellcore's Trusted Software Integrity (Betsi) System



                         A N N O U N C I N G ! ! ! ! !


             Bellcore's Trusted Software Integrity (Betsi) System.


    Betsi  addresses  a  security  concern  of  software distribution in the
    Internet.  Currently, there is no way to know that software obtained  by
    anonymous  ftp  has  not  been  modified  since  it  was  posted.  Also,
    malicious software can be posted without the offender leaving  a  trace.
    Betsi  is an experimental prototype that is meant to provide some degree
    of assurance about the integrity of software and  the  identity  of  its
    author.

    The current version of Betsi is an experiment.  The long-term goals are:

         -  help software vendors distribute programs and patches
         -  provide accountability by linking the author of a program
            to a real person whose identity is verified off-line
         -  allow users to run software obtained on the Internet with
            less danger of viruses and Trojan horses
         -  use cryptographically strong techniques to preserve file
            integrity
         -  scale well in the Internet community
         -  minimize effort on the part of the users
         -  use existing infrastructure and standards

    Betsi is a free, experimental service.  It requires use of PGP to verify
    signatures from Betsi.  Betsi's public key is widely available.  It  can
    be  obtained  from numerous public key servers by requesting the key for
    certify or Betsi. It also appears in a  paper  that  was  submitted  for
    publication,  in the help file (described in a moment) and at the end of
    this message.

    For  additional  information  on Betsi send mail to certify@bellcore.com
    with subject, help.

    A  copy  of  the paper describing Betsi can be obtained by anonymous ftp
    from thumper.bellcore.com in the directory /pub/certify.  A copy of  the
    public  key  for  Betsi can also be found there.  It is recommended that
    the key be obtained from at least two different places and compared.


    Betsi's public key:

                      -----BEGIN PGP PUBLIC KEY BLOCK-----
                                  Version: 2.6

    mQCNAi5I0LwAAAEEAJZi970w+Lb7onAmrnExWKrgUFbjJku29qVRlBY6/UtUH+fW
    s7MtAEUKIhktJ0cDpE+5Tbi6Lev2RXmXhT1hEjwxSwVFOMJmOuMZxlj+586IKigC
    vVjF+hCFKQWRXsleM/axVbpH+pNUmWcK6QMdBDFlzS/9pxdAiBPcEwSgd4ahAAUR
    tBxCZXRzaSA8Y2VydGlmeUBiZWxsY29yZS5jb20+iQB1AgUQLkjREpti/eSkC5bZ
    AQFzNwL8CVk6J8jhHukKKjrkdZX5VZMwuvgs7+ZIVR8fY+vpEBs6EbWAQpmm4ekV
    C4D6UOYCRxARpQN09M1aE9qSz6XKkYQjs9Ul/xRLtazDAuYOAkRxO3mnrFa2u6Tc
    +qXcZame
      =68fV
                       -----END PGP PUBLIC KEY BLOCK-----

      Fingerprint:

      5F 34 26 5F 2A 48 6B 07  90 C9 98 C5 32 C3 44 0C