Browse Prior Art Database

Traceable Anonymous Certificate (RFC5636)

IP.com Disclosure Number: IPCOM000186519D
Original Publication Date: 2009-Aug-01
Included in the Prior Art Database: 2009-Aug-25
Document File: 62 page(s) / 70K

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

S. Park: AUTHOR [+5]

Abstract

This document defines a practical architecture and protocols for offering privacy for a user who requests and uses an X.509 certificate containing a pseudonym, while still retaining the ability to map such a certificate to the real user who requested it. The architecture is compatible with IETF certificate request formats such as PKCS10 (RFC 2986) and CMC (RFC 5272). The architecture separates the authorities involved in issuing a certificate: one for verifying ownership of a private key (Blind Issuer) and the other for validating the contents of a certificate (Anonymity Issuer). The end entity (EE) certificates issued under this model are called Traceable Anonymous Certificates (TACs).

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 4% of the total text.

Network Working Group                                            S. Park Request for Comments: 5636                                       H. Park Category: Experimental                                            Y. Won                                                                   J. Lee                                                                     KISA                                                                  S. Kent                                                         BBN Technologies                                                              August 2009

                     Traceable Anonymous Certificate

Abstract

   This document defines a practical architecture and protocols for    offering privacy for a user who requests and uses an X.509    certificate containing a pseudonym, while still retaining the ability    to map such a certificate to the real user who requested it.  The    architecture is compatible with IETF certificate request formats such    as PKCS10 (RFC 2986) and CMC (RFC 5272).  The architecture separates    the authorities involved in issuing a certificate: one for verifying    ownership of a private key (Blind Issuer) and the other for    validating the contents of a certificate (Anonymity Issuer).  The end    entity (EE) certificates issued under this model are called Traceable    Anonymous Certificates (TACs).

Status of This Memo

   This memo defines an Experimental Protocol for the Internet    community.  It does not specify an Internet standard of any kind.    Discussion and suggestions for improvement are requested.    Distribution of this memo is unlimited.

Copyright Notice

   Copyright (c) 2009 IETF Trust and the persons identified as the    document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal    Provisions Relating to IETF Documents in effect on the date of    publication of this document (http://trustee.ietf.org/license-info).    Please review these documents carefully, as they describe your rights    and restrictions with respect to this document.

 Park, et al.                  Experimental                      [Page 1]
 RFC 5636            Traceable Anonymous Certificate          August 2009

 Table of Contents

   1. Introduction ....................................................2

      1.1. Conventions U...