Network Working Group S. Park
Request for Comments: 5636 H. Park
Category: Experimental Y. Won
J. Lee
KISA
S. Kent
BBN Technologies
August 2009
Traceable Anonymous Certificate
Abstract
This document defines a practical architecture and protocols for
offering privacy for a user who requests and uses an X.509
certificate containing a pseudonym, while still retaining the ability
to map such a certificate to the real user who requested it. The
architecture is compatible with IETF certificate request formats such
as PKCS10 (RFC 2986) and CMC (RFC 5272). The architecture separates
the authorities involved in issuing a certificate: one for verifying
ownership of a private key (Blind Issuer) and the other for
validating the contents of a certificate (Anonymity Issuer). The end
entity (EE) certificates issued under this model are called Traceable
Anonymous Certificates (TACs).
Status of This Memo
This memo defines an Experimental Protocol for the Internet
community. It does not specify an Internet standard of any kind.
Discussion and suggestions for improvement are requested.
Distribution of this memo is unlimited.
Copyright Notice
Copyright (c) 2009 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents in effect on the date of
publication of this document (http://trustee.ietf.org/license-info).
Please review these documents carefully, as they describe your rights
and restrictions with respect to this document.
Table of Contents
1. Introduction
   1.1. Conventions Used in This Document
2. General Overview
3. Requirements
4. Traceable Anonymous Certificate Model
5. Issuing a TAC
   5.1. Steps in Issuing a TAC
   5.2. Mapping a TAC to a User's Real Identity
   5.3. TAC Request Message Format Profile
      5.3.1. PKCS10 Profile
      5.3.2. CMC Profile
6. Security Considerations
7. Acknowledgments
8. References
   8.1. Normative References
   8.2. Informative References
Appendix A. Traceable Anonymous Certificate ASN.1 Modules
Appendix B. TAC Message Exchanges over Transport Layer Security
   B.1. Message Exchanges between a User and the BI or the AI
   B.2. Message Exchanges between the BI and the AI
   B.3. Message Exchanges between the Aggrieved Party and the AI or the BI
Appendix C. Cryptographic Message Syntax Profile for TAC Token
   C.1. Signed-Data Content Type
      C.1.1. encapContentInfo
      C.1.2. signerInfos
1. Introduction
Public Key Infrastructure (PKI) provides a powerful means of
authenticating individuals, organizations, and computers (e.g., web
servers). However, when individuals use certificates to access
resources on the public Internet, there are legitimate concerns about
personal privacy, and thus there are increasing demands for privacy-
enhancing techniques on the Internet.
In a PKI, an authorized entity such as a Certification Authority (CA)
or a Registration Authority (RA) may be perceived, from a privacy
perspective, as a "big brother", even when a CA issues a certificate
containing a Subject name that is a pseudonym. This is because such