IETF pkix - vyšel draft: Traceable Anonymous Certificate
29.10.2008Abstract:
Public Key Infrastructure (PKI) provides a powerful means of
authenticating individuals, organizations, and computers(e.g.,
web servers). However, when individuals use certificates to
access resources on the public Internet, there are legitimate
concerns about personal privacy, and thus there are increasing
demands for privacy enhancing techniques on the Internet.
In a PKI, an authorized entity such as a certification Authority
(CA) or a Registration Authority (RA) may be perceived, from a
privacy perspective, as a "big brother," even when a CA issues a
certificate containing a Subject name that is a pseudonym. This
is because such entities can always map a pseudonym in a
certificate they issued to the name of the real user to whom it
was issued. This document defines a practical architecture and
protocols for offering privacy for a user who requests and uses
an X.509 certificate containing a pseudonym, while still retaining
the ability to map such a certificate to the real user who
requested it. The architecture is compatible with IETF certificate
request formats such as PKCS10 [2], CRMF [3]. The architecture
separates the authorities involved in issuing a certificate: one
for verifying ownership of a private key (Blind Issuer) and the
other for validating the contents of a certificate (Anonymous
Issuer). The end-entity(EE) certificates issued under this model
are called Traceable Anonymous Certificates (TACs).
Zdroj: http://www.ietf.org/internet-drafts/draft-ietf-pkix-tac-01.txt Autor: JP
Heuristické vyhledání souvisejících článků v archívu NEWS
Pozor - není zdaleka přesné a výsledek je bez záruky...
Chcete-li článek obsahující konkrétní termín - pou·ijte funkci
vyhledávání !