datatracker.ietf.org
Sign in
Version 5.3.0, 2014-04-12
Report a bug

Traceable Anonymous Certificate
RFC 5636

Document type: RFC - Experimental (August 2009)
Document stream: IETF
Last updated: 2013-03-02
Other versions: plain text, pdf, html

IETF State: (None)
Consensus: Unknown
Document shepherd: No shepherd assigned

IESG State: RFC 5636 (Experimental)
Responsible AD: Tim Polk
Send notices to: pkix-chairs@tools.ietf.org, draft-ietf-pkix-tac@tools.ietf.org

Network Working Group                                            S. Park
Request for Comments: 5636                                       H. Park
Category: Experimental                                            Y. Won
                                                                  J. Lee
                                                                    KISA
                                                                 S. Kent
                                                        BBN Technologies
                                                             August 2009

                    Traceable Anonymous Certificate

Abstract

   This document defines a practical architecture and protocols for
   offering privacy for a user who requests and uses an X.509
   certificate containing a pseudonym, while still retaining the ability
   to map such a certificate to the real user who requested it.  The
   architecture is compatible with IETF certificate request formats such
   as PKCS10 (RFC 2986) and CMC (RFC 5272).  The architecture separates
   the authorities involved in issuing a certificate: one for verifying
   ownership of a private key (Blind Issuer) and the other for
   validating the contents of a certificate (Anonymity Issuer).  The end
   entity (EE) certificates issued under this model are called Traceable
   Anonymous Certificates (TACs).

Status of This Memo

   This memo defines an Experimental Protocol for the Internet
   community.  It does not specify an Internet standard of any kind.
   Discussion and suggestions for improvement are requested.
   Distribution of this memo is unlimited.

Copyright Notice

   Copyright (c) 2009 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents in effect on the date of
   publication of this document (http://trustee.ietf.org/license-info).
   Please review these documents carefully, as they describe your rights
   and restrictions with respect to this document.

Park, et al.                  Experimental                      [Page 1]
RFC 5636            Traceable Anonymous Certificate          August 2009

Table of Contents

   1. Introduction ....................................................2
      1.1. Conventions Used in This Document ..........................4
   2. General Overview ................................................4
   3. Requirements ....................................................5
   4. Traceable Anonymous Certificate Model ...........................6
   5. Issuing a TAC ...................................................7
      5.1. Steps in Issuing a TAC .....................................8
      5.2. Mapping a TAC to a User's Real Identity ...................15
      5.3. TAC Request Message Format Profile ........................17
           5.3.1. PKCS10 Profile .....................................17
           5.3.2. CMC Profile ........................................18
   6. Security Considerations ........................................19
   7. Acknowledgments ................................................21
   8. References .....................................................21
      8.1. Normative References ......................................21
      8.2. Informative References ....................................22
   Appendix A. Traceable Anonymous Certificate ASN.1 Modules .........24
   Appendix B. TAC Message Exchanges over Transport Layer Security ...26
      B.1. Message Exchanges between a User and the BI or the AI .....26
      B.2. Message Exchanges between the BI and the AI ...............27
      B.3. Message Exchanges between the Aggrieved Party and the AI
           or the BI .................................................27
   Appendix C. Cryptographic Message Syntax Profile for TAC Token ....28
      C.1. Signed-Data Content Type ..................................28
           C.1.1. encapContentInfo ...................................29
           C.1.2. signerInfos ........................................29

1.  Introduction

   Public Key Infrastructure (PKI) provides a powerful means of
   authenticating individuals, organizations, and computers (e.g., web
   servers).  However, when individuals use certificates to access
   resources on the public Internet, there are legitimate concerns about
   personal privacy, and thus there are increasing demands for privacy-
   enhancing techniques on the Internet.

   In a PKI, an authorized entity such as a Certification Authority (CA)
   or a Registration Authority (RA) may be perceived, from a privacy
   perspective, as a "big brother", even when a CA issues a certificate
   containing a Subject name that is a pseudonym.  This is because such

[include full document text]