Traceable Anonymous Certificate
RFC 5636
Document Type RFC - Experimental (August 2009; Errata)
Last updated 2019-12-13
Stream IETF
Formats plain text html pdf htmlized bibtex
Reviews
SECDIR Last Call Review
Stream WG state (None)
Document shepherd No shepherd assigned
IESG IESG state RFC 5636 (Experimental)
Consensus Boilerplate Unknown
Telechat date
Responsible AD Tim Polk
Send notices to (None)
Email authors Email WG IPR References Referenced by Nits 
Network Working Group                                            S. Park
Request for Comments: 5636                                       H. Park
Category: Experimental                                            Y. Won
                                                                  J. Lee
                                                                    KISA
                                                                 S. Kent
                                                        BBN Technologies
                                                             August 2009

                    Traceable Anonymous Certificate

Abstract

   This document defines a practical architecture and protocols for
   offering privacy for a user who requests and uses an X.509
   certificate containing a pseudonym, while still retaining the ability
   to map such a certificate to the real user who requested it.  The
   architecture is compatible with IETF certificate request formats such
   as PKCS10 (RFC 2986) and CMC (RFC 5272).  The architecture separates
   the authorities involved in issuing a certificate: one for verifying
   ownership of a private key (Blind Issuer) and the other for
   validating the contents of a certificate (Anonymity Issuer).  The end
   entity (EE) certificates issued under this model are called Traceable
   Anonymous Certificates (TACs).

Status of This Memo

   This memo defines an Experimental Protocol for the Internet
   community.  It does not specify an Internet standard of any kind.
   Discussion and suggestions for improvement are requested.
   Distribution of this memo is unlimited.

Copyright Notice

   Copyright (c) 2009 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents in effect on the date of
   publication of this document (http://trustee.ietf.org/license-info).
   Please review these documents carefully, as they describe your rights
   and restrictions with respect to this document.

Park, et al.                  Experimental                      [Page 1]
RFC 5636            Traceable Anonymous Certificate          August 2009

Table of Contents

   1. Introduction ....................................................2
      1.1. Conventions Used in This Document ..........................4
   2. General Overview ................................................4
   3. Requirements ....................................................5
   4. Traceable Anonymous Certificate Model ...........................6
   5. Issuing a TAC ...................................................7
      5.1. Steps in Issuing a TAC .....................................8
      5.2. Mapping a TAC to a User's Real Identity ...................15
      5.3. TAC Request Message Format Profile ........................17
           5.3.1. PKCS10 Profile .....................................17
           5.3.2. CMC Profile ........................................18
   6. Security Considerations ........................................19
   7. Acknowledgments ................................................21
   8. References .....................................................21
      8.1. Normative References ......................................21
      8.2. Informative References ....................................22
   Appendix A. Traceable Anonymous Certificate ASN.1 Modules .........24
   Appendix B. TAC Message Exchanges over Transport Layer Security ...26
      B.1. Message Exchanges between a User and the BI or the AI .....26
      B.2. Message Exchanges between the BI and the AI ...............27
      B.3. Message Exchanges between the Aggrieved Party and the AI
           or the BI .................................................27
   Appendix C. Cryptographic Message Syntax Profile for TAC Token ....28
      C.1. Signed-Data Content Type ..................................28
           C.1.1. encapContentInfo ...................................29
           C.1.2. signerInfos ........................................29

1.  Introduction

   Public Key Infrastructure (PKI) provides a powerful means of
   authenticating individuals, organizations, and computers (e.g., web
   servers).  However, when individuals use certificates to access
   resources on the public Internet, there are legitimate concerns about
   personal privacy, and thus there are increasing demands for privacy-
   enhancing techniques on the Internet.

   In a PKI, an authorized entity such as a Certification Authority (CA)
   or a Registration Authority (RA) may be perceived, from a privacy
   perspective, as a "big brother", even when a CA issues a certificate
   containing a Subject name that is a pseudonym.  This is because such
   entities can always map a pseudonym in a certificate they issued to
   the name of the real user to whom it was issued.  This document
Show full document text
RFC Editor IASA & IETF LLC IETF Trust IRTF IETF IESG IAB IANA Privacy Statement IETF Tools