RFC 1805 (rfc1805) - Page 1 of 6
Location-Independent Data/Software Integrity Protocol
Alternative Format: Original Text Document
Network Working Group A. Rubin
Request for Comments: 1805 Bellcore
Category: Informational June 1995
Location-Independent Data/Software Integrity Protocol
Status of this Memo
This memo provides information for the Internet community. This memo
does not specify an Internet standard of any kind. Distribution of
this memo is unlimited.
Abstract
This memo describes a protocol for adding integrity assurance to
files that are distributed across the Internet. This protocol is
intended for the distribution of software, data, documents, and any
other file that is subject to malicious modification. The protocol
described here is intended to provide assurances of integrity and
time. A trusted third party is required.
Introduction
One problem with any system for verifying the integrity of a file is
that the verifying program itself may be attacked. Thus, although
users may be reassured by their software that a file has not changed,
in reality, the file, and the verifier might have both changed.
Because of this danger, a protocol that does not rely on the
distribution of some special software, but rather, is based entirely
on widely used standards, is very useful. It allows users to build
their own software, or obtain trusted copies of software to do
integrity checking independently. Therefore, the protocol described
in this memo is composed of ASCII messages that may be sent using e-
mail or any other means. There is an existing implementation, Betsi
[1], that is designed this way. Betsi has been in existence since
August, 1994, and is operational on the Internet. It can be accessed
by sending e-mail to with subject 'help', or via
the world wide web at http://info.bellcore.com/BETSI/betsi.html.
Rubin Informational