Announcing Bellcore's Trusted Software Integrity (Betsi) System
A N N O U N C I N G ! ! ! ! ! Bellcore's Trusted Software Integrity (Betsi) System. Betsi addresses a security concern of software distribution in the Internet. Currently, there is no way to know that software obtained by anonymous ftp has not been modified since it was posted. Also, malicious software can be posted without the offender leaving a trace. Betsi is an experimental prototype that is meant to provide some degree of assurance about the integrity of software and the identity of its author. The current version of Betsi is an experiment. The long-term goals are: - help software venders distribute programs and patches - provide accountability by linking the author of a program to a real person whose identity is verified off-line - allow users to run software obtained on the Internet with less danger of viruses and trojan horses - use cryptographically strong techniques to preserve file integrity - scale well in the Internet community - minimize effort on the part of the users - use existing infrastructure and standards Betsi is a free, experimental service. It requires use of pgp to verify signatures from Betsi. Betsi's public key is widely available. It can be obtained from numerous public key servers by requesting the key for certify or Betsi. It also appears in a paper that was submitted for publication, in the help file (described in a moment) and at the end of this message. For additional information on Betsi send mail to certify@bellcore.com with subject, help. A copy of the paper describing Betsi can be obtained by anonymous ftp from thumper.bellcore.com in the directory /pub/certify. A copy of the public key for Betsi can also be found there. It is recommended that the key be obtained from at least two different places and compared. Betsi's public key: -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.6 mQCNAi5I0LwAAAEEAJZi970w+Lb7onAmrnExWKrgUFbjJku29qVRlBY6/UtUH+fW s7MtAEUKIhktJ0cDpE+5Tbi6Lev2RXmXhT1hEjwxSwVFOMJmOuMZxlj+586IKigC vVjF+hCFKQWRXsleM/axVbpH+pNUmWcK6QMdBDFlzS/9pxdAiBPcEwSgd4ahAAUR tBxCZXRzaSA8Y2VydGlmeUBiZWxsY29yZS5jb20+iQB1AgUQLkjREpti/eSkC5bZ AQFzNwL8CVk6J8jhHukKKjrkdZX5VZMwuvgs7+ZIVR8fY+vpEBs6EbWAQpmm4ekV C4D6UOYCRxARpQN09M1aE9qSz6XKkYQjs9Ul/xRLtazDAuYOAkRxO3mnrFa2u6Tc +qXcZame =68fV -----END PGP PUBLIC KEY BLOCK----- Fingerprint: 5F 34 26 5F 2A 48 6B 07 90 C9 98 C5 32 C3 44 0C
In article <199408291628.MAA19544@faline.bellcore.com>, Avi Rubin <rubin@faline.bellcore.com> wrote:
-----BEGIN PGP PUBLIC KEY BLOCK----- ... -----END PGP PUBLIC KEY BLOCK-----
Fingerprint:
5F 34 26 5F 2A 48 6B 07 90 C9 98 C5 32 C3 44 0C
I've seen this sort of thing several places... Am I totally off base in thinking that distributing the fingerprint in the same way as the public key is close to totally pointless? -- L. Todd Masco | "Which part of 'shall not be infringed' didn't cactus@bb.com | you understand?"
-----BEGIN PGP SIGNED MESSAGE-----
In article <199408291628.MAA19544@faline.bellcore.com>, Avi Rubin <rubin@faline.bellcore.com> wrote:
-----BEGIN PGP PUBLIC KEY BLOCK----- ... -----END PGP PUBLIC KEY BLOCK-----
Fingerprint:
5F 34 26 5F 2A 48 6B 07 90 C9 98 C5 32 C3 44 0C
I've seen this sort of thing several places...
Am I totally off base in thinking that distributing the fingerprint in the same way as the public key is close to totally pointless?
Distributing the key fingerprint allows J. Random Human to correlate a key supplied via one method with that supplied via another. For example, now that I have the fingerprint for the Betsi key, I can verify whether any other alleged Betsi key I see is real or not. It's a lot easier to read off & cross-check 32-character fingerprints than the entire key block, especially as signatures are added and the key block grows in size. - -Paul - -- Paul Robichaux, KD4JZG | Demand that your elected reps support the perobich@ingr.com | Constitution, the whole Constitution, and Not speaking for Intergraph. | nothing but the Constitution. -----BEGIN PGP SIGNATURE----- Version: 2.6 iQCVAgUBLmJSdKfb4pLe9tolAQEZkgP/W7P8Edw8sEI78V3HgtDjXDo/F09Gw7VF 4FH6pMIVT9w/jT30Adf6BxL+dhb1mcHuBhnhr7bIA31cerZpt+NiVwBbqAoSh+XW vFfkId5k3qmUIAypFQFe5BSHKS+yF6Rf8ERXZAFv2+a/ZJrpLxnW6FgFiU+dFt86 KEK/5EFiOCw= =qlgk -----END PGP SIGNATURE-----
I've revised my opinion: It's not close to useless, it's worse than useless. Two things people seem not to be getting: 1. Including the fingerprint with a signed message is much less pointless. This was distributing the fingerprint *with the public key*. That's bogus. However, even were this a signed message rather than a key... 2. Encouraging people to trust the included ASCII fingerprint is a Bad Thing. Why not just include these fingerprint things and not bother with this confusing, patented RSA stuff? Much easier that way. Great. Here's the Betsi key, with the fingerprint included for those who don't want to use PGP to do the computation. -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.7 mQA9Ai5iKZAAAAEBgMAWW4+5FhyI3A5g4BT7bX8HwC6Ql4rwD/VlCNZnWZefReA5 CMJ+ot/oLrWaACcuJQAFEbQWQmV0c2kgPGNlcnRpZnlAYmIuY29tPg== =9juv -----END PGP PUBLIC KEY BLOCK----- Fingerprint: 5F 34 26 5F 2A 48 6B 07 90 C9 98 C5 32 C3 44 0C [Security or ease of use. Choose one.] -- L. Todd Masco | "Which part of 'shall not be infringed' didn't cactus@bb.com | you understand?"
[Not all observations are mine: some belong to Andrew Boardman] Okay, I have a strong interest in this, because we want to be able to distribute ICE through traditional "freeware" channels while minimizing the threat of spoofing. I expect much better from Bellcore.
Betsi addresses a security concern of software distribution in the Internet. Currently, there is no way to know that software obtained by anonymous ftp has not been modified since it was posted.
Whoever wrote the blurb clearly wasn't aware of (or chose to ignore) the already existing practice of individuals signing their own code. Why channel everything through this one Betsi agent? If Betsi's key is compromised, *ALL* of their customers lose.
- provide accountability by linking the author of a program to a real person whose identity is verified off-line
This is unnecessary, and I would claim undesirable. A unique anonymous ID is just as good as a "real" one -- since you're relying upon PGP anyway, the mapping from signature to a known identity is one-to-one. The only reason I can see to require this "real human" mapping is to try to prosecute people for bugs in their code or some contamination that seeps into their release. That's not an aspect of the world I want to live in.
- minimize effort on the part of the users
This, I'd love to see. How do you securely get a user who doesn't know how to use PGP to verify the signature? I think most users out there are not likely to learn to use PGP on their own: this is from too many (3+) years of tech support at Carnegie Mellon -- hardly a technological backwater. People want to use their application and not worry about anything else. Make the damned computer work and let me finish my paper and get out of here. I guess my overall reaction to this Betsi thing is: why? As far as I can see, this Betsi agent only sets up a single choke point through which all software using Betsi can be compromised, for no particular gain. The current method of individuals signing their code with their well-known keys is far more secure and doesn't force the handing over of identities to the Software Police. -- L. Todd Masco | "Which part of 'shall not be infringed' didn't cactus@bb.com | you understand?"
participants (3)
-
cactus@bb.com -
paul@poboy.b17c.ingr.com -
rubin@faline.bellcore.com