Dismiss
InnovationQ will be updated on Sunday, Oct. 22, from 10am ET - noon. You may experience brief service interruptions during that time.
Browse Prior Art Database

Location-Independent Data/Software Integrity Protocol (RFC1805)

IP.com Disclosure Number: IPCOM000004061D
Original Publication Date: 1995-Jun-01
Included in the Prior Art Database: 2000-Sep-13
Document File: 5 page(s) / 12K

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

A. Rubin: AUTHOR

Abstract

This memo describes a protocol for adding integrity assurance to files that are distributed across the Internet. This protocol is intended for the distribution of software, data, documents, and any other file that is subject to malicious modification. The protocol described here is intended to provide assurances of integrity and time. A trusted third party is required.

This text was extracted from a ASCII document.
This is the abbreviated version, containing approximately 22% of the total text.

Network Working Group A. Rubin

Request for Comments: 1805 Bellcore

Category: Informational June 1995

Location-Independent Data/Software Integrity Protocol

Status of this Memo

This memo provides information for the Internet community. This memo

does not specify an Internet standard of any kind. Distribution of

this memo is unlimited.

Abstract

This memo describes a protocol for adding integrity assurance to

files that are distributed across the Internet. This protocol is

intended for the distribution of software, data, documents, and any

other file that is subject to malicious modification. The protocol

described here is intended to provide assurances of integrity and

time. A trusted third party is required.

Introduction

One problem with any system for verifying the integrity of a file is

that the verifying program itself may be attacked. Thus, although

users may be reassured by their software that a file has not changed,

in reality, the file, and the verifier might have both changed.

Because of this danger, a protocol that does not rely on the

distribution of some special software, but rather, is based entirely

on widely used standards, is very useful. It allows users to build

their own software, or obtain trusted copies of software to do

integrity checking independently. Therefore, the protocol described

in this memo is composed of ASCII messages that may be sent using e-

mail or any other means. There is an existing implementation, Betsi

[1], that is designed this way. Betsi has been in existence since

August, 1994, and is operational on the Internet. It can be accessed

by sending e-mail to certify@bellcore.com with subject 'help', or via

the world wide web at http://info.bellcore.com/BETSI/betsi.html.

The purpose of the proposed protocol is for authors to be able to

distribute their files to users on the internet with guarantees of

time and integrity, by use of a trusted third party. The protocol is

divided into several phases:

I. Author registration

II. Author verification

III. File Certification

IV. File Distribution

V. File Integrity Verification

Phases I, III, IV, and V are defined in the protocol. Phase II is

intentionally not defined. Author verification can be different for

different applications, and the particular method chosen for phase II

is identified in phases III and V. It is the hope that further

Internet Drafts will describe the various possib...