Traceable Anonymous Certificate, August 2009
- File formats:
- S. Park
- pkix (sec)
Discuss this RFC: Send questions or comments to firstname.lastname@example.org
This document defines a practical architecture and protocols for offering privacy for a user who requests and uses an X.509 certificate containing a pseudonym, while still retaining the ability to map such a certificate to the real user who requested it. The architecture is compatible with IETF certificate request formats such as PKCS10 (RFC 2986) and CMC (RFC 5272). The architecture separates the authorities involved in issuing a certificate: one for verifying ownership of a private key (Blind Issuer) and the other for validating the contents of a certificate (Anonymity Issuer). The end entity (EE) certificates issued under this model are called Traceable Anonymous Certificates (TACs). This memo defines an Experimental Protocol for the Internet community.
For the definition of Status, see RFC 2026.
For the definition of Stream, see RFC 4844.