RFC 5636

Traceable Anonymous Certificate, August 2009

File formats:
icon for text file icon for PDF icon for HTML
S. Park
H. Park
Y. Won
J. Lee
S. Kent
pkix (sec)

Cite this RFC: TXT  |  XML  |   BibTeX

DOI:  https://doi.org/10.17487/RFC5636

Discuss this RFC: Send questions or comments to the mailing list pkix@ietf.org

Other actions: View Errata  |  Submit Errata  |  Find IPR Disclosures from the IETF  |  View History of RFC 5636


This document defines a practical architecture and protocols for offering privacy for a user who requests and uses an X.509 certificate containing a pseudonym, while still retaining the ability to map such a certificate to the real user who requested it. The architecture is compatible with IETF certificate request formats such as PKCS10 (RFC 2986) and CMC (RFC 5272). The architecture separates the authorities involved in issuing a certificate: one for verifying ownership of a private key (Blind Issuer) and the other for validating the contents of a certificate (Anonymity Issuer). The end entity (EE) certificates issued under this model are called Traceable Anonymous Certificates (TACs). This memo defines an Experimental Protocol for the Internet community.

For the definition of Status, see RFC 2026.

For the definition of Stream, see RFC 8729.

Advanced Search