Browse Prior Art Database

Location-Independent Data/Software Integrity Protocol (RFC1805)

IP.com Disclosure Number: IPCOM000004061D
Original Publication Date: 1995-Jun-01
Included in the Prior Art Database: 2019-Feb-12
Document File: 6 page(s) / 9K

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

A. Rubin: AUTHOR

Related Documents

10.17487/RFC1805: DOI

Abstract

This memo describes a protocol for adding integrity assurance to files that are distributed across the Internet. This memo provides information for the Internet community. This memo does not specify an Internet standard of any kind.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 26% of the total text.

Network Working Group A. Rubin Request for Comments: 1805 Bellcore Category: Informational June 1995

Location-Independent Data/Software Integrity Protocol

Status of this Memo

This memo provides information for the Internet community. This memo does not specify an Internet standard of any kind. Distribution of this memo is unlimited.

Abstract

This memo describes a protocol for adding integrity assurance to files that are distributed across the Internet. This protocol is intended for the distribution of software, data, documents, and any other file that is subject to malicious modification. The protocol described here is intended to provide assurances of integrity and time. A trusted third party is required.

Introduction

One problem with any system for verifying the integrity of a file is that the verifying program itself may be attacked. Thus, although users may be reassured by their software that a file has not changed, in reality, the file, and the verifier might have both changed. Because of this danger, a protocol that does not rely on the distribution of some special software, but rather, is based entirely on widely used standards, is very useful. It allows users to build their own software, or obtain trusted copies of software to do integrity checking independently. Therefore, the protocol described in this memo is composed of ASCII messages that may be sent using e- mail or any other means. There is an existing implementation, Betsi [1], that is designed this way. Betsi has been in existence since August, 1994, and is operational on the Internet. It can be accessed by sending e-mail to certify@bellcore.com with subject ’help’, or via the world wide web at http://info.bellcore.com/BETSI/betsi.html.

Rubin Informational [Page 1]

RFC 1805 Location-Independent Data/Software Integrity Protocol June 1995

The purpose of the proposed protocol is for authors to be able to distribute their files to users on the internet with guarantees of time and integrity, by use of a trusted third party. The protocol is divided into several phases:

I. Author registration II. Author verification III. File Certification IV. File Distribution V. File Integrity Verification

Phases I, III, IV, and V are defined in the protocol. Phase II is intentionally not defined. Author verification can be different for different applications, and the particular method chosen for phase II is identified in phases III and V. It is the hope that further Internet Drafts will describe the various possibilities for phase II. This memo describes the method for author verification in the Betsi system, and makes several recommendations.

Requirements

It is important that the integrity and time information be independent from the location of the file. Lowry [2] defines a syntax and protocols for location-independent objects. His system requires that end-users possess special software, and is still in the prototype stage. The protocol described in this memo has been implemented, and is alrea...

Processing...
Loading...