Verifying Authenticity of IBIS Models

From: J. Eric Bracken <bracken@bacon.performance.com>
Date: Fri Sep 16 1994 - 09:32:10 PDT

One techy-kind of way to verify the authenticity of IBIS models
is for the creator to include (as a comment) an electronic signature
in the submitted file.

The basic idea is to run a checksum on the file, encrypt the checksum
using a secret key, and then to append (or prepend) this "signature"
to the file as a comment.

The person who downloads the file uses a verifier program to check
the signature. This program will find the signature, decrypt it using
the vendor's public key (which must be widely published) and then compares
the stored checksum with the checksum it computes. If the checksums
match, it passes; if they don't match, the file is flagged as bogus.

When modern cryptographic techniques are used, it's EXTREMELY
difficult to fake the signature of another person/company. And with
modern checksumming algorithms it's also very, very hard to create a
bogus file with the same checksum.

As far as administration goes, the signing program would belong to a
select few authorities within semi vendor companies, and would be
password protected so that only those authorities could run it to put
the imprimatur on the file. The signature-verification program, and
lists of vendor public keys, could be distributed freely on the
bboard/FTP sites.

Just a wild idea...

--Eric
Received on Fri Sep 16 09:32:26 1994

This archive was generated by hypermail 2.1.8 : Fri Jun 03 2011 - 09:52:28 PDT