RFC 5636
Traceable Anonymous Certificate, August 2009
- File formats:
- Status:
- EXPERIMENTAL
- Authors:
- S. Park
H. Park
Y. Won
J. Lee
S. Kent - Stream:
- IETF
- Source:
- pkix (sec)
Cite this RFC: TXT | XML | BibTeX
DOI: https://doi.org/10.17487/RFC5636
Discuss this RFC: Send questions or comments to the mailing list pkix@ietf.org
Other actions: View Errata | Submit Errata | Find IPR Disclosures from the IETF | View History of RFC 5636
Abstract
This document defines a practical architecture and protocols for offering privacy for a user who requests and uses an X.509 certificate containing a pseudonym, while still retaining the ability to map such a certificate to the real user who requested it. The architecture is compatible with IETF certificate request formats such as PKCS10 (RFC 2986) and CMC (RFC 5272). The architecture separates the authorities involved in issuing a certificate: one for verifying ownership of a private key (Blind Issuer) and the other for validating the contents of a certificate (Anonymity Issuer). The end entity (EE) certificates issued under this model are called Traceable Anonymous Certificates (TACs). This memo defines an Experimental Protocol for the Internet community.
For the definition of Status, see RFC 2026.
For the definition of Stream, see RFC 8729.